JPH10507324A - Roving software license for hardware agents - Google Patents
- Publication number
- JPH10507324A
- Authority
- JP
- Japan
- Prior art keywords
- integrated circuit
- agent
- hardware
- circuit component
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/109—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM] by using specially-adapted hardware at the client
- G06F21/445—Program or device authentication by mutual authentication, e.g. between devices or programs
- G06F21/72—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
- G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
- G06Q20/3552—Downloading or loading of personalisation data
- G06Q20/40975—Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
- G06F12/1408—Protection against unauthorised use of memory or access to memory by using cryptography
- G06F2211/007—Encryption, En-/decode, En-/decipher, En-/decypher, Scramble, (De-)compress
- G06F2221/2103—Challenge-response
- G06F2221/2153—Using hardware token as a secondary aspect
- H04L2463/101—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measures for digital rights management
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
Abstract
(57) [Abstract] An integrated circuit component for enforcing licensing restrictions. The enforcement is performed by remotely transferring the access privilege to execute a licensed program from the integrated circuit component to another similar component. The integrated circuit component comprises: a non-volatile memory that stores a uniquely designated key pair (11, 12), an authentication device certificate (80), and a manufacturer public key (16) together with a cryptographic algorithm; a processor that executes the cryptographic algorithm to process information input to the integrated circuit component and sends the processed information to a volatile memory; and a random number generator that internally generates the uniquely designated key pair within the integrated circuit component.
Description
【発明の詳細な説明】 ハードウェア・エージェントに対するロビング・ソフトウェア・ライセンス 発明の背景 発明の分野 本発明は、ライセンス供与ソフトウェアに関する。詳細には、本発明は、第1 のハードウェア・エージェントを有する許可されたノードからライセンス・ソフ トウェア・プログラムを実行するアクセス特権を、特定ユーザ・ライセンスに違 反することなく第2のハードウェア・エージェントを有する非許可ノードに転送 する装置および方法に係わる。本発明に関する背景技術 コンピュータ・システムの発展の初期には、近代化された企業は一般に、メイ ンフレームに接続されたいくつかの「ダム(dumb)」端末を有する、一部屋 の大きさの集中メインフレームを使用していた。より小型で高速で高性能のコン ピュータの登場と共に、それらの近代化された企業の多くは自社の集中メインフ レームを撤去して、いくつかのスタンドアロン型コンピュータ、またはパーソナ ル・コンピュータの集まりを有し、各ユーザが自分のパーソナル・コンピュータ を管理する分散ネットワーク(たとえばローカル・エリア・ネットワーク)を使 用する方を選んだ。 この非集中化傾向を認めて、多くのソフトウェア開発業者が「ユーザ特有の」 ライセンスと一般に呼ばれる特定のライセンス供与方式に従って自社のソフトウ ェアをライセンス供与している。ユーザ特有のライセンスは一般に、特定のソフ トウェア・プログラムを特定の方式で随時操作することを所定数の個人に許可す る。したがって、ライセンスは特定のノードではなく選択された数の個人に付随 する。本出願の範囲では、「ノード」とは、好ましくは本発明を含む、コンピュ ータ、プリンタ、ファクシミリ機、および同様のものなどの「インテリジェンス 」を有するハードウェア製品であると定義する。ユーザ特有のソフトウェアに付 随する主要な問題は、ソフトウェア開発業者の潜在的ライセンス供与収益をむし ばむライセンス・ソフトウェアの無許可の使用またはコピーあるいはその両方を 間接的に助長することてある。 長年にわたり、ソフトウェア開発業者は、自社のソフトウェアがユーザ特有の ライセンスの条件の範囲を超えて使用およびコピーされないように保護する方法 を探し求めてきたが、企業ライセンス被供与者は自社の従業員によるライセンス ・ソフトウェアの不法な使用またはコピーによる潜在的な代位責任を大幅に軽く しようとしてきた。したがって、ユーザ特有のライセンスの条件を超えたソフト ウェアの拡散を防止することは、ソフトウェア開発業者と企業ライセンス非供与 者の両方に同様に利益がある。 現在、ユーザ特有のソフトウェア・ライセンスの遵守は、「ドングル(don gle)」と呼ばれる物理的ハードウェア装置の使用によって行われている。ド ングルとは、最初に購入したときにライセンス・ソフトウェアと共にパッケージ されている物理ハードウェア装置である。これは一般には、たとえばパーソナル ・コンピュータなどのノードのパラレル・ポートに接続する。実行中の様々な時 点で、対象ライセンス・ソフトウェア・プログラムはドングル内で使用されてい るアクティブ装置に許可メッセージ(「呼びかけ」と呼ばれる)を送る。ドング ル内のアクティブ装置は、ドングル内部に記憶されている秘密情報(以下、「有 効ライセンス・トークン」と呼ぶ)を使用してその呼びかけを処理し、戻りメッ セージ(「応答」と呼ぶ)を発生する。ソフトウェア・プログラムはこの応答を 期待応答と比較し、その2つの応答が同じである場合にのみそれ以降の実行を許 可する。 したがって、ユーザはライセンス・ソフトウェア・プログラムをコピーし、そ れを複数のパーソナル・コンピュータにロードすることはできるが、そのソフト ウェア・プログラムを実行することができるのはドングルが接続されている第1 のコンピュータのみである。ライセンス・ソフトウェア・プログラムを他のパー ソナル・コンピュータで実行するためには、第1のパーソナル・コンピュータか らドングルを取り外して他のパーソナル・コンピュータに接続しなければならな い。その結果、第1のパーソナル・コンピュータではそのソフトウェアは使用不 能になる。企業ライセンス被供与者に与えられるドングルの数は一般にユーザ特 有のソフトウェア・ライセンス契約を結んだ人数に限定されているため、ライセ ンス・ソフトウェア・プログラムの複数の導人がソフトウェア開発業者にとって 不利な財務上の影響を引き起こさないことは明らかである。 ドングルによってユーザ特有のライセンスの遵守は確保されるが、いくつかの 欠点がある。1つの欠点は、ドングルを顧客に物理的に配布しなければならない 
ことである。したがって、ソフトウェアの電子配布用システム(「コンテンツ配 布」と呼ぶ)が提案され、実施されて便利さを増し、配布コストを削減している が、物理装置としてのドングルは依然として従来の配布方法とそれに伴う費用と を必要とする。ソフトウェア開発業者の経済的利益を保護するためにドングルを 必要とすることによって、顧客は、(i)選定された場所でドングルを直接入手 し、その後でそのドングルをノードに装着してからでなければライセンス・プロ グラムを使用することができないか、または(ii)意図した使用の前にコンテン ツ配布者が顧客にドングルを郵送する時間を見越してライセンス・ソフトウエア ・プログラムを発注するという煩わしい作業に耐えなければならない。いずれに しても、ドングルはコンテンツ配布の効率と興味を妨げる。 もう一の欠点は、ドングルの取り外しと装着が時間のかかる処理であることで ある。時間を争う企業では、ドングルの交換は企業の業績全体に影響を及ぼす。 他の欠点は、ドングルを絶えず取り外したり装着したりすることによって、ドン グルが損傷し機能不能になる確率が高くなり、企業は新しいドングルを待ってか らでなければ、そのソフトウェア・アプリケーションを再び使用することができ ない。 他の欠点は、ライセンスは個人を対象としているが、ドングルは一般にノード に装着されることである。したがって、ユーザが別の機械(たとえば自宅にある パーソナル・コンピュータ)に移動した場合、そのユーザはドングルを所有して いない限り、ライセンス・ソフトウェア・プログラムを使用することができない 。 発明の簡単な概要 上記に基づき、ノード内に内部実装された集積回路構成要素として、電子ドン グルの機能を備えた暗号装置を作製することが望ましい。したがって、本発明の 目的は、集積回路構成要素を遠隔認証する際に使用する固有ディジタル証明を内 部的に記憶する記憶素子を備えた、集積回路構成要素としての暗号装置を提供す ることである。 本発明の他の目的は、固有の公開キーと私用キーとの対を内部的に生成し、少 なくとも秘密キーを記憶することができ、それによって集積回路構成要素の外部 の使用を防止する固有集積回路構成要素を提供することである。 本発明の他の目的は、あるエンティティによって検証または製造された別の同 様の集積回路構成要素とのセキュリティ保護された通信を可能にするために、そ のエンティティの公開キーを内部的に記憶する集積回路構成要素を提供すること である。 本発明の他の目的は、ハードウェアの物理的操作を頻繁に必要としないロビン グ(roving)・ソフトウェア・ライセンスを与える集積回路構成要素を提 供することである。 この集積回路構成要素を一般にハードウェア・ライセンスと呼び、識別のため の動作を行う処理装置と、(i)固有の公開キーと私用キーの対を記憶する不揮 発性メモリと、(ii)キーの対が認証されたものであるかどうかを検証するディ ジタル証明と、(iii)集積回路構成要素と製造業者によって製造された他の同 様の構成要素との間の通信を可能にする選定されたエンティティ(集積回路構成 要素の製造業者であることが好ましい)の公開キーとを含む記憶素子を備える。 不揮発性メモリは暗号アルゴリズムを記憶するためにも使用することができる。 集積回路構成要素は、処理装置によって処理される情報を記憶する揮発性メモリ と、他の同様の構成要素から通信バスを介して暗号化形式または復号形式の情報 を送受信するためのインタフェースと、固有の公開キーと私用キーの対を生成す るための乱数発生器とをさらに備える。 図面の簡単な説明 本発明の目的、特徴、および利点は以下の本発明の詳細な説明を読めば明らか になろう。 第1図は、双方向対称キー暗号化および復号プロセスを示すブロック図である 。 第2図は、双方向非対称キー暗号化および復号プロセスを示すブロック図であ る。 第3図は、信用権威者からのディジタル証明プロセスを示すブロック図である 。 第4図は、本発明の実施形態を組み込んだコンピュータ・システムのブロック 図である。 第5図は、本発明の実施形態を示すブロック図である。 第6図は、対とディジタル証明を集積回路構成要素に実装する方法を示すフロ ーチャートである。 第7A図〜第7C図は、ライセンス特権を有する第2のハードウェア・エージ ェントと第1のハードウェア・エージェントとの間で有効ライセンス・トークン を転送するために、第1のハードウェア・エージェントが第2のハードウェア・ エージェントとの通信を確立する操作を示すフローチャートである。 発明の詳細な説明 
本発明は、適切に構成されたハードウェア・エージェント間でロビング・ソフ トウェア・ライセンスを転送することができるようにし、それによって配布する 物理ハードウェア装置を不要にする装置および方法に関する。以下の説明では、 本発明を十分に理解することがてきるように多くの詳細を記載する。しかし、当 業者には、本発明の精神および範囲から逸脱することなく、本発明を例示されて いるものとは異なる多くの実施形態を使用して実施することができることが明ら かである。他の場合には、本発明を無用に不明瞭にしないために、周知の回路、 要素、および同様のものについては詳細には記載しない。 詳細な説明では、特定の特性または品質を説明するためにいくつかの暗号関係 の用語を頻繁に使用するが、ここでそれらについて定義する。「キー」とは従来 の暗号アルゴリズムの暗号化または復号あるいはその両方のパラメータである。 具体的には、キーはnビットの長さの二進データの順次配置(「ストリング」) である(ただし「n」は任意の数である)。「メッセージ」とは、一連のバス・ サイクルで転送される情報(たとえば暗号化キー・アドレスおよびデータ)であ ると一般に定義される。この情報には、呼びかけや戻り応答が含まれる。「ディ ジタル証明」とは、通信を開始するエンティティに関係する情報であると定義さ れ、典型的には広く公開された信用権威者(たとえば銀行、政府機関、同業組合 など)によって私用キーを使用して暗号化されたエンティティの公開キーである 。「ディジタル署名」とは、ディジタル証明と類似しているが、送信者ではなく メッセージ自体の認証に使用される。 ここ数年、1つの場所から他の場所にディジタル情報を送信することがますま す望まれるようになっている。その結果、現在、多くのエンティティが暗号技術 を使用しており、それによって正当な受信者にとっては明瞭であいまいさがない が不正な受信者には理解できない方式で情報が転送される。一般に、暗号技術は 2つの従来の技法のうちの1つに従って機能する。すなわち、対称キー暗号化ま たは非対称(または公開)キー暗号化あるいはそれらの暗号化技術の組合せであ る。 第1図を参照すると、対称キー暗号技法の実施形態が図示されている。この技 法では、同一、すなわち対称な秘密キー(「SK」と符号が付されている)1を 使用して、第1のノード10と第2のノード15の間で転送される原メッセージ 5を暗号化して暗号化された原メッセージ20を形成し、暗号化された原メッセ ージ20を復号して原メッセージ5を復元する必要がある。このような暗号化お よび復号は、たとえばデータ暗号アルゴリズム(より一般には「DES」と呼ば れる)などの周知の従来の暗号アルゴリズムを使用して行われる。原メッセージ 5は、(i)第1のノード10で暗号化され、(ii)電話回線および同様のもの などの公共領域25を使用して第1のノード10から第2のノード15に転送さ れ、(iii)第2のノード15で復号される。しかし、この技法は秘密キー(「 SK」)を前もって設定する必要があるため、ユーザ数が多い場合にはサポート するのが困難である。 次に第2図を参照すると、非対称キー技法の実施形態が図示されている。この 技法は、暗号化と復号に別々に使用される2つの別々のキー(「公開キー」およ び「私用キー」と呼ぶ)を使用する。第1のノード10から第2のノード15へ の双方向通信を確立するために、第2のノード15のキーの対のうちの「公開」 キー16(「PUK2」と符号が付されている)が第1のノード10に記憶され 、一般に第1のノード10が暗号化の分野で周知の非対称「RSA」アルゴリズ ムに基づいて原メッセージ30を暗号化するために使用する。これによって、第 2のノード15に転送される暗号化原メッセージ35が形成される。第1のノー ド10の公開キーと私用キーの対11および12([PUK1」および「PRK 1」と符号が付されている)はさらに第1のノード10に記憶される。 第2のノード15のキーの対のうちの「私用」キー17(「PRK2」と符号 が付されている)は、第2のノード15のみが知っており、第2図に示すように RSAアルゴリズムに基づく第1のノード10からの暗号化メッセージ35の復 号を含む多くの目的のために使用する。しかし、この技法は、不正なエンティテ ィ(たとえば商業スパイなど)が正当なエンティティ(たとえば従業員、合弁企 業など)を装おって、仕事の流れを中断させたり機密情報を入手したりするため に他の正当なエンティティに詐欺的メッセージを送信しようとする試みを許しや 
すい。したがって、一般に付加的なプロトコルを使用して、メッセージの認証を 行い、そのメッセージを送信するエンティティの正当化を行う。 事前には未知である当事者間で最初に通信を確立するときは、送信者の認証( すなわち公開キーの送信者が実際にその公開キーの真の所有者であることの検証 )が問題である。この問題は、一般に、送信メッセージ50内にディジタル証明 45を組み込むことによって回避される。ディジタル証明45は、相互信用権威 者55(たとえば銀行、政府機関、同業者組合など)が、署名文(「SM」と符 号が付されている)58を使用して通信を開始するノードの公開キー(「PUK 1」)11を、信用権威者55の私用キー(「PRKTA」)57を使用して暗 号化することによって発行する。したがって、PUK2 16を使用しようとす る不正な試みが行われてもその送信メッセージに対しては受信者には読めない応 答が返されることになるだけてある。選択される信用権威者55は、関係当事者 によって異なる。たとえば、同じ企業に雇用されている2人の個人は両者とも、 その企業の会社セキュリティ管理局によって発行された証明を信用する。しかし 、 2つの独立した企業エンティティの従業員は、それぞれのセキュリティ管理局か らの認証だけでなく、たとえばそのような企業エンティティを証明する何らかの 産業組織からの証明も必要とする。 この手法では、複数の操作を並列して実行して送信メッセージ50を作成する 。1つの操作は、DESアルゴリズムを介して対称秘密キー(「SK」)60を 使用して原メッセージ40を暗号化して、ディジタル証明45と共に送信メッセ ージ50に入れられる暗号化メッセージ65を形成することである。原メッセー ジ40にはハッシュ・アルゴリズム70(たとえば「MD5」)も適用されて、 送信メッセージ・ダイジェスト75が形成される。送信メッセージ・ダイジエス ト75は、第1のノードの私用キー(「PRK1」)12を使用してさらに暗号 化されてディジタル署名80を形成し、それが送信メッセージ50に入れられる 。さらに、対称キー(「SK」)60がRSAアルゴリズムに基づいて第2のノ ードの公開キー(「PUK2」)16を使用して暗号化されて「SKenc」8 5となり、さらに送信メッセージ50に入れられる。 第3図を続けて参照する。第1のノード10から公共領域25を介して送信さ れる送信メッセージ50を受信すると、第2のノード15は私用キー(PRK2 」)17を使用してSKenc85を復号し、信用権威者55の発行公開キー( 「PUBTA」)を使用してディジタル証明45を復号し、SK60とPUK1 11を入手する。このSKキー60とPUK1キー11を使用して、暗号化原 メッセージ65とディジタル署名80を復号し、送信メッセージ・ダイジェスト 75と原メッセージ40をそれぞれ取り出す。次に、原メッセージ40に第1の ノード10で行われたのと同じハッシュ・アルゴリズム85を適用する。その結 果90(「受信メッセージ・ダイジェスト」と称する)が、送信メッセージ・ダ イジェスト75と比較される。送信メッセージ・ダイジエスト75が受信メッセ ージ・ダイジェスト90と同じ場合、この2つの正当ノード間の通信が維持され る。 第4図を参照すると、本発明を使用するコンピュータ・システム100の実施 形態が図示されている。コンピュータ・システム100は、ホスト・プロセッサ 105と、メモリ装置110と、入出力(「I/O」)制御装置115と、「ハ ードウェア・エージェント」と呼ばれる暗号装置12とを備える。複数のバス・ エージェントがシステム・バス130を介して互いに接続され、それによってこ れらのバス・エージェント間で情報を伝達することができる。 この実施形態ではホスト・プロセッサ105しか図示されていないが、コンピ ュータ業界では周知のように、コンピュータ・システム100内で複数のホスト ・プロセッサを使用することもできるものと企図される。さらに、メモリ装置1 10はダイナミック・ランダム・アクセス・メモリ(「DRAM」)、読取り専 用メモリ(「ROM」)、ビデオ・ランダム・アクセス・メモリ(「VRAM」 )、および同様のものを含むことができる。メモリ装置110には、ホスト・プ ロセッサ105が使用する情報が記憶される。 入出力制御措置115は、入出力バス135とシステム・バス130との間の インタフェースであり、システム・バス130または入出力バス135に結合さ れた構成要素間で情報を転送する通信経路(すなわちゲートウェイ)を提供する 
。入出力バス135はコンピュータ・システム100内の少なくとも1つの周辺 装置との間で情報を転送する。これには、画像を表示する表示装置140(たと えば陰極線管、液晶表示装置など)、ホスト・プロセッサ105に情報およびコ マンド選択を伝達する英数字入力装置145(たとえば英数字キーボードなど) 、カーソル移動を制御するカーソル制御装置150(たとえばマウス、トラック ボール、タッチ・パッドなど)、情報を記憶する大容量データ記憶装置155( たとえば磁気テープ、ハード・ディスク・ドライブ、フロッピィ・ディスク・ド ライブなど)、コンピュータ・システム100から他の装置に情報を送信する情 報送受信装置160(ファックス機、モデム、スキャナなど)、および情報の有 形の視覚表現を提供するハード・コピー装置165(たとえばプロッタ、プリン タなど)が含まれるがこれらには限定されない。第4図に示すコンピュータ・シ ステムはこれらの構成要素または例示したもの以外の構成要素のうちの一部また は全部を使用することができる。 次に、第5図に示す本発明の実施形態を参照すると、ハードウェア・エージェ ント120は、ホスト・プロセッサ105および、メモリおよび入出力制御装置 (図示せず)との通信経路を確立するシステム・バス130に結合されている。 ハードウェア・エージェント120は、ダイ121を損傷と有害汚染物質から保 護するように集積回路構成要素パッケージ122内に、好ましくは密閉されてカ プセル封止されたダイ121(たとえばマイクロコントローラ)の形態の単一の 集積回路を含む。ダイ121は、記憶素子124に結合された処理装置123と 、バス・インタフェース125と、乱数発生器126とを含む。バス・インタフ ェース125は、ハードウェア・エージェント120から他の装置(たとえばホ スト・プロセッサ、他の装置内の他のハードウェア・エージェントなど)への通 信を可能にする。処理装置123は、ダイ121の中のセキュリティ保護された 環境内で内部的に計算を行って、許可された受信者との有効な接続を確認する。 そのような計算には、特定のアルゴリズムおよびプロトコルの実行、装置固有の 公開/私用キー対および同様のものを生成する、回路(たとえばランダムな性質 であることが好ましい、乱数発生器126など)の起動が含まれる。処理装置1 23は、コンピュータ・システムを混乱させてその私用キーおよびその他の情報 を入手する一般的な方法であるウィルス攻撃による私用キーのアクセスを防ぐよ うにダイ121内に配置されている。 記憶素子124は、「RSA」や「DES」などの適切な暗号アルゴリズム、 公開キーと私用キーの対127a、価値の対が認証されたものであるかどうかを 検証するためのディジタル証明(「DC」という符号が付されている)127b 、および集積回路構成要素とその製造業者によって製造された他の同様の装置と の間の通信を可能にする集積回路構成要素の製造業者の公開キー(「PUKM」 )127cを記憶するフラッシュ・メモリなどの不揮発性メモリ素子127を含 む(第6図に詳細に記載する)。電源が切断されても内容を保持するため、この 不揮発性メモリ127が主として使用される。メモリ装置124は、処理装置1 23からの特定の結果を記憶するためにさらにランダム・アクセス・メモリ(「 RAM」)128を含む。 ハードウェア・エージェント120は、セキュリティ強化のためにシステム・ バス130に接続された周辺装置として実装されているが、ハードウェア・エー ジェント120はPCプラットフォーム・レベルで他のいくつかの方法(たとえ ば、ハード・ディスクから入出力される情報の自動的な復号または暗号化あるい はその両方を行うディスク制御装置またはPCMCIAカードとしてなど)で実 施することもできるものと企図される。他の代替実施態様は、後述するようにハ ードウェア・エージェントをホスト・プロセッサを含むマルチチップ・モジュー ルの1つの構成要素とすることであろう。さらに、ハードウェア・エージェント についてPCプラットフォームと関連して説明しているが、このようなハードウ ェア・エージェントはファックス機、プリンタおよび同様のものなどのノード内 や、コンピュータと入出力周辺装置との間の通信経路上に実施することもできる ものと企図される。 第6図を参照すると、本発明を製作する操作のフローチャートが示されている 。まず、ステップ100で、任意の従来の公知の半導体製造技法に従ってハード ウェア・エージェントのダイを製作する。次に、ハードウェア・エージェント自 
体を形成するようにそのダイを半導体パッケージ内にカプセル封止する(ステッ プ105)。証明システム上にハードウェア・エージェントを配置し、それによ ってハードウェア・エージェントと証明システムとの間に電気的および機械的結 合を確立する(ステップ110)。証明システムは、ハードウェア・エージェン トの証明のための電気信号の発生と受信を行う、プリント回路基板に結合された キャリヤを備える。証明システムはさらに、固有キー生成を保証するために前に 生成された公開キーの記憶装置(たとえばデータベース)をさらに備える。その 後で、証明システムはハードウェア・エージェントに電力を供給し、ハードウェ ア・エージェントは乱数発生器に電力を供給してハードウェア・エージェント内 で乱数発生器が装置固有の公開キーと私用キーの対を内部的に生成することがで きるようにする。 ハードウェア・エージェント内で公開キーと私用キーの対が生成された後、公 開キーと私用キーの対のうちの公開キーを証明システムに送る(ステップ120 )。その公開キーを、記憶装置に記憶されている前に製造されたハードウェア・ エージェントの前に生成された公開キーと比較する(ステップ125)。万一、 その公開キーが前に生成された公開キーの1つと同じである場合(ステップ13 0)、証明システムがハードウェア・エージェントに対して別の前記公開キーと 私用キーの対を生成するように通知し(ステップ135)、このプロセスをステ ップ120から続けて各公開キーと私用キーの対が確実に固有のものになるよう にする。 公開キーが固有である場合は、記憶装置はその固有の公開キーで更新される( ステップ140)。その後、証明システムがステップ145で、キーの対が認証 されたものであるかどうかを検証する固有装置証明(以下、「認証装置証明」と 呼ぶ)を作成する。認証装置証明は、秘密私用製造業者キーを使用して「ディジ タル署名」された装置の公開キーを少なくとも含む(すなわち、大ざっぱに言え ば製造業者の私用キーを使用して装置の公開キーを暗号化する)。この認証装置 証明を製造業者の一般に知られた公開キーと共にハードウェア・エージェントに 入力し(ステップ150)、ハードウェア・エージェントは固有公開キーと私用 キーの対と認証装置証明と製造業者の公開キーをその不揮発性メモリに永久的に プログラムする(ステップ155)。しかし、製造業者の代わりに他のエンティ ティ(たとえば配布業者)の公開キーを使用することもでき、その場合は認証装 置証明の変更も必要になることが企図される。この時点で、ハードウェア・エー ジェントは物理的に固有であり、これで他のハードウェア・エージェントとの通 信を安全に確立することができる。 ハードウェア・エージェントを製作した後、それを第4図に示すコンピュータ ・システムなどの電子装置に実装する。これは、呼びかけ/応答などの認証手続 きとその他の周知の手続きを使用してライセンス供与者とハードウェア・エージ ェントとの間にセキュリティ保護された通信経路を確立することによって行うこ とができる。通信経路が安全に確保された後、セキュリティ保護された通信リン クを介して有効なライセンス・トークンをハードウェア・エージェントのフラッ シュ・メモリにダウンロードする。ハードウェア・エージェント間で転送するの ではなく、ライセンス・トークンが複数のハードウェア・エージェントに組み込 まれて「有効」状態または「無効」状態にあり、それによってライセンス・トー クンを有効化または無効化することもできることがさらに企図される。 第7A図および第7B図を参照すると、2つのハードウェア・エージェントの 認証の相互遠隔識別の実施形態が示されている。ステップ200で、第1のハー ドウェア・エージェントが組み込まれた「未許可の」第1のノード(すなわち現 在はライセンス・ソフトウェア・アプリケーションの操作を許可されていないノ ード)と、ライセンス・ソフトウェア・アプリケーションを操作することを許可 された第2のハードウェア・エージェントが組み込まれた許可された第2のノー ドとの間に通信リンクが確立される。この通信リンクは、モデム、ネットワーク などの任意の従来の通信手段を介して確立することができる。第1のハードウェ ア・エージェントはその固有認証装置証明を含むメッセージを第2のハードウェ ア・エージェントに出力する(ステップ205)。両方のハードウェア・エージ エントの不揮発性メモリに製造業者の公開キー(「PUKM」)がプログラムさ れているため、第2のハードウェア・エージェントは製造業者の公開キー(「P 
UKM」)を使用して認証装置証明を復号し、第1のハードウェア・エージェン トの公開キーを入手する(ステップ210)。その後、ステップ215〜220 で、ステップ205〜210に記載されているものと同様の操作も行われ、それ によって第1のエージェントは第2のハードウェア・エージェントの公開キー( 「PUK2」)を入手する。 その後、ステップ225および230で、第2のハードウェア・エージェント が、第1のハードウェア・エージェントの導き出された公開キーを使用して、選 定された暗号アルゴリズム(たとえばRSA)に従って呼びかけメッセージを暗 号化し、その呼びかけメッセージを第1のハードウェア・エージェントに送信す る。ステップ235および240で、第1のハードウェア・エージェントが、そ の私用キー(「PRK1」)を使用して呼びかけメッセージを復号し、次に、復 号した呼びかけメッセージを第2のハードウェア・エージェントの公開キー(「 PUK2」)を使用して暗号化することによって応答メッセージを生成し、その 応答メッセージを第2のハードウェア・エージェントに送信する。次に、第2の ハードウェア・エージェントが、前に送信された製造業者の装置証明の復号によ って前に判断したその私用キー(「PUK1」)を使用してその応答を復号する (ステップ245)。ステップ250で、第2のハードウェア・エージエントは 元の呼びかけメッセージを、復号した応答メッセージと比較し、同じでない場合 は通信を終了する(ステップ255)。同じ場合は、ステップ260〜290で ステップ225〜260と同様の呼びかけ/応答手続きが行われて、第1のハー ドウェア・エージェントから送信された情報を第2のハードウェア・エージェン トが実際に受信していることを検証する。これらのステップ(ステップ22 5〜290)が成功裏に完了すると、両方のハードウェア・エージェントが認証 されたエージェントであり、両者の間の通信がセキュリティ保護されていること が保証される(ステップ295)。 次に第7C図を参照すると、セキュリティ保護された通信のもとで第2のハー ドウェア・エージェント内の有効なライセンス・トークンを第1のハードウェア ・エージェントに安全に転送するプロセスの実施形態が示されている。安全保護 された通信が確立されると、第1のハードウェア・エージェントは第2のハード ウェア・エージェントに対して有効なライセンス・トークンを所有しているかど うか照会する(ステップ300)。第2のハードウェア・エージェントが組み込 まれているシステムが有効なライセンス・トークンを持っていない場合(ステッ プ305)、ハードウェア・エージェント間の通信は終了する(ステップ310 )。しかし、第2のハードウェア・エージェントが組み込まれたシステムが有効 なライセンス・トークンを持っている場合は、第1のハードウェア・エージェン トにしかるべくメッセージを送信する(ステップ315)。 第1のハードウェア・エージェントは、このメッセージを受信すると、第1の ハードウェア・エージェントにライセンス・ソフトウェア・アプリケーションの 操作を許す有効なライセンス・トークンの転送要求を出す(ステップ320)。 第2のハードウェア・エージェントは、有効なライセンス・トークンを転送する ことによって転送要求に応答し、それによってそのライセンス特権を失う(ステ ップ325)。第1のハードウェア・エージェントはその有効なライセンス・ト ークンを受け取り、そのトークンをその不揮発性メモリに記憶した後、有効なラ イセンス・トークンを受け取ったというメッセージを第2のハードウェア・エー ジェントに送信し、そのライセンス・ソフトウェアのコピーを使用可能にするこ とになる(ステップ330)。この時点で、通信が終了する(ステップ335) 。 ステップ320と325の間およびステップ325と330の間に呼びかけ/ 応答シーケンスを導入することによって、追加のレベルのプロトコル保全性を得 ることができることが企図される。これによって、前のライセンス・トークン転 送事象の「再生」が防止される。 第1と第2のハードウェア・エージェント間の通信と並行して、各ハードウェ ア・エージェントはその送信の内容を監査ログとして不揮発性メモリに記憶する 。したがって、第2のハードウェア・エージェントがそのコピーを使用不能にし た後で第1のハードウェア・エージェントがそのコピーを使用可能にする前に通 信が切断された場合、両方のハードウェア・エージェントは通信が再接続された 後で監査ログを見直してどのハードウェア・エージェント(ある場合)がライセ 
ンス・ソフトウェア・アプリケーションを操作する許可を持っているかを判断す ることができる。 本明細書に記載の本発明は多くの異なる方法で多くの異なる構成を使用して設 計することができる。本発明について様々な実施態様に関して説明したが、当業 者なら本発明の精神および範囲から逸脱することなく他の実施態様を考えつくで あろう。したがって、本発明は請求の範囲の記載によって判断されるべきである 。DETAILED DESCRIPTION OF THE INVENTION Loving software license for hardware agents Background of the Invention Field of the invention The present invention relates to licensing software. Specifically, the present invention provides the first License software from an authorized node with Access privileges to run software programs to specific user licenses Transfer to an unauthorized node with a second hardware agent without conflict The present invention relates to an apparatus and a method for performing the method.BACKGROUND OF THE INVENTION Early in the development of computer systems, modernized companies generally A room with several "dumb" terminals connected to a frame I was using a centralized mainframe of the size. Smaller, faster and higher performance computers With the advent of pewter, many of these modernized companies have their centralized main Remove the frame and replace it with some standalone computers, or personal Computers, each user owning his or her own personal computer Use a distributed network (for example, a local area network) I chose the one to use. Recognizing this decentralization trend, many software developers have been "user specific" License your software according to a specific licensing scheme, commonly called a license. License the software. User-specific licenses are generally Allow a specified number of individuals to operate the software program at any time in a specific manner. You. Therefore, the license is not tied to a specific node, but to a selected number of individuals I do. For the purposes of this application, a “node” is a computer, preferably including the present invention. Intelligence, such as data, printers, facsimile machines, and the like "Is defined as a hardware product having". 
" Includes user-specific software A key issue to follow is the potential licensing revenue of software developers. Unauthorized use and / or copying of licensed software It may be indirectly conducive. Over the years, software developers have found that their software is user-specific. How to protect against use and copying beyond the terms of the license But the company licensee has been licensed by their own employees. Significantly reduce potential subrogation due to illegal use or copying of software I've been trying. Therefore, software that exceeds user-specific license conditions Preventing the spread of software is not licensed to software developers and companies Both have similar benefits. Currently, compliance with user-specific software licenses is based on the dongle gle) "is performed by the use of physical hardware devices. Do Is a package with the licensed software when first purchased Physical hardware device that is being used. This is generally -Connect to the parallel port of a node such as a computer. Various times during execution In that respect, the Licensed Software Program is not Send an authorization message (called "call") to the active device. Dong The active devices in the dongle are confidential information stored inside the dongle (hereinafter referred to as “Yes Process the call using a valid license token) and return a message Generate a message (called a "response"). The software program sends this response Compares to the expected response and allows further execution only if the two responses are the same. Yes. Therefore, the user copies the licensed software program and Can be loaded on multiple personal computers, but the software Can run the hardware program on the first connected dongle Computer only. Copy licensed software programs to other To run on a Sonal computer, the first personal computer Must remove the dongle and connect it to another personal computer. No. 
As a result, the software cannot be used on the first personal computer. It will work. The number of dongles given to a company licensee is generally user specific. Licenses are limited to those with software license agreements Software software program leaders Obviously, it will not cause any adverse financial impact. Dongles ensure compliance with user-specific licenses, but some There are drawbacks. One disadvantage is that the dongle must be physically distributed to customers That is. Therefore, systems for electronic distribution of software (“Content distribution Called "cloth") has been proposed and implemented to increase convenience and reduce distribution costs However, the dongle as a physical device still uses traditional distribution methods and associated costs. Need. Dongle to protect software developers' economic interests As required, the customer can (i) get the dongle directly at the selected location Then attach the dongle to the node before licensing Grams cannot be used or (ii) content prior to intended use Licensed software in anticipation of the time distributors will mail dongle to customers ・ Must endure the troublesome work of ordering programs. In any Even so, dongles hinder the efficiency and interest of content distribution. Another disadvantage is that removing and attaching the dongle is a time consuming process. is there. In companies that compete for time, exchanging dongles can affect the overall performance of the company. Another disadvantage is that the dongle is constantly removed and put on Companies are waiting for a new dongle with a higher probability that the guru will be damaged and inoperable Otherwise, you can use the software application again Absent. Another disadvantage is that while licensing is for individuals, dongle is generally It is to be attached to. 
Thus, if the user is at another machine (for example, a personal computer at home), the user cannot use the licensed software program without having the dongle in his or her possession.

BRIEF SUMMARY OF THE INVENTION

Based on the foregoing, it is desirable to produce a cryptographic device, as an integrated circuit component mounted internally in a node, that has the function of an electronic dongle. It is therefore an object of the present invention to provide a cryptographic device as an integrated circuit component that includes a storage element storing, in part, a unique digital certificate used in remote authentication of the integrated circuit component.

Another object of the present invention is to provide a unique integrated circuit component that internally generates a unique public/private key pair without the secret key having to be stored, thereby preventing use of the key.

Another object of the present invention is to provide an integrated circuit component that internally stores the public key of another entity, so as to enable secure communication with other integrated circuit components certified or manufactured by that entity.

Another object of the present invention is to provide an integrated circuit component that provides a roving software license without requiring frequent physical manipulation of hardware.

This integrated circuit component, commonly referred to as a hardware license, is used for identification purposes and includes a non-volatile memory for storing (i) a unique public/private key pair, (ii) a digital certificate verifying that the key pair is authentic, and (iii) the public key of a selected entity (preferably the manufacturer of the integrated circuit component) that allows communication between the integrated circuit component and other such components manufactured by the manufacturer.
The non-volatile memory can also be used to store cryptographic algorithms. The integrated circuit component further includes a volatile memory that stores information processed by the processing device, an interface for sending and receiving information to and from other similar components in encrypted or decrypted form via a communication bus, and a random number generator for generating the unique public/private key pair.

BRIEF DESCRIPTION OF THE FIGURES

Objects, features, and advantages of the present invention will be apparent from the following detailed description of the invention.

FIG. 1 is a block diagram illustrating a two-way symmetric key encryption and decryption process.
FIG. 2 is a block diagram illustrating a two-way asymmetric key encryption and decryption process.
FIG. 3 is a block diagram showing the digital certification process from a credit authority.
FIG. 4 is a block diagram of a computer system incorporating an embodiment of the present invention.
FIG. 5 is a block diagram showing an embodiment of the present invention.
FIG. 6 is a flowchart showing how a key pair and a digital certificate are implemented on an integrated circuit component.
FIGS. 7A to 7C are flowcharts illustrating the operation of a first hardware agent establishing communication with a second hardware agent that has license privileges, so that a license token can be transferred between the second hardware agent and the first hardware agent.

DETAILED DESCRIPTION OF THE INVENTION

The present invention relates to an apparatus and method for transferring a roving software license between appropriately configured hardware agents, thereby eliminating the need to distribute physical hardware devices. In the following description, many details are set forth in order to provide a thorough understanding of the present invention.
However, those skilled in the art will appreciate that the invention can be implemented using many embodiments other than those illustrated without departing from the spirit and scope of the invention. In other instances, well-known circuits, elements, and the like are not described in detail in order not to obscure the present invention unnecessarily.

In the detailed description, a number of cryptography-related terms are frequently used to describe particular properties or qualities; they are defined here. A "key" is an encoding or decoding parameter, or both, of a conventional cryptographic algorithm. Specifically, the key is a sequential arrangement ("string") of binary data having a length of n bits, where "n" is an arbitrary number. A "message" is generally defined as information (e.g., an encryption key, address and data) transferred in a series of bus cycles. This information includes the challenge and the return response. A "digital certificate" is defined as information relating to the entity that initiates a communication, typically the public key of that entity encrypted using the private key of a publicly available credit authority (e.g., a bank, government agency, or trade union). A "digital signature" is similar to a digital certificate, except that it is used to authenticate the message itself rather than the sender.

In recent years, it has become increasingly desirable to transmit digital information from one place to another. As a result, many entities now use cryptography so that information is transferred in a manner that is clear and unambiguous to the legitimate recipient but cannot be understood by unauthorized recipients. Generally, cryptography works according to one of two conventional techniques, namely symmetric key encryption or asymmetric (public) key encryption, or a combination of those techniques.

Referring to FIG. 1, an embodiment of a symmetric key encryption technique is illustrated.
In this technique, the same, i.e., symmetric, secret key (labeled "SK") 1 is used both to encrypt the original message 5 transferred between the first node 10 and the second node 15, forming an encrypted original message 20, and to decrypt the encrypted original message 20 to recover the original message 5. Such encryption and decryption are performed using well-known conventional cryptographic algorithms such as, for example, the Data Encryption Algorithm (more commonly referred to as "DES"). The original message 5 is (i) encrypted at the first node 10, (ii) transferred from the first node 10 to the second node 15 through a public area 25 such as telephone lines, and (iii) decrypted at the second node 15. However, because the secret key ("SK") must be established in advance, this technique is difficult to support when there are many users.

Referring now to FIG. 2, an embodiment of the asymmetric key technique is illustrated. This technique uses two separate keys (referred to as a "public key" and a "private key") that are used separately for encryption and decryption. To establish two-way communication from the first node 10 to the second node 15, the "public" key 16 of the key pair of the second node 15 (labeled "PUK2") is stored in the first node 10 and is generally used by the first node 10 to encrypt the original message 30 based on the asymmetric "RSA" algorithm, which is well known in the cryptographic arts. This forms an encrypted original message 35 to be forwarded to the second node 15. The public and private key pair 11 and 12 of the first node 10 ("PUK1" and "PRK1") is further stored in the first node 10.

The "private" key 17 of the key pair of the second node 15 (labeled "PRK2") is known only to the second node 15 and is used for many purposes, including decryption of the encrypted message 35 from the first node 10 based on the RSA algorithm, as shown in the figure. However, this technique remains open to attempts by an illegitimate entity (e.g., a commercial spy) to pose as a legitimate entity (e.g., an employee, a joint venture, etc.) by sending fraudulent messages to another legitimate entity in order to disrupt work flow or obtain confidential information. Therefore, additional protocols are generally used to authenticate the message and to validate the entity that sends it.

When communication is first established between parties not previously known to each other, authentication of the sender (that is, verifying that the sender of a public key is in fact the true owner of that public key) is a problem. This problem is typically avoided by incorporating a digital certificate 45 in the transmitted message 50. The digital certificate 45 is issued by a mutual credit authority 55 (e.g., a bank, government agency, trade union, etc.), which applies its signature ("SM") by encrypting the public key ("PUK1") 11 of the node that initiates the communication using the private key ("PRKTA") 57 of the credit authority 55. Therefore, even if an unauthorized attempt is made to use PUK2 16, the result is merely a transmitted message that its recipient cannot read. The credit authority 55 selected depends on the parties involved. For example, two individuals employed by the same company could both trust certificates issued by that company's corporate security authority. Employees of two independent corporate entities, however, would require not only certificates from their respective security authorities but also certification from some industry organization.

In this method, a plurality of operations are performed in parallel to create the transmitted message 50. In one operation, the original message 40 is encrypted using a symmetric secret key ("SK") 60 via the DES algorithm, forming an encrypted message 65 that is placed in the transmitted message 50. A hash algorithm 70 (e.g., "MD5") is also applied to the original message 40 to form a transmitted message digest 75.
The transmitted message digest 75 is further encrypted using the private key ("PRK1") 12 of the first node to form a digital signature 80, which is included in the transmitted message 50. In addition, the symmetric key ("SK") 60 is encrypted based on the RSA algorithm using the public key ("PUK2") 16 of the second node to form SKenc 85, which is further included in the transmitted message 50.

With continued reference to the figure, upon receiving the transmitted message 50 sent from the first node 10 via the public area 25, the second node 15 uses its private key ("PRK2") 17 to decrypt SKenc 85 and uses the public key ("PUBTA") of the issuing credit authority to decrypt the digital certificate 45, thereby obtaining SK 60 and PUK1 11. Using SK 60 and PUK1 11, the encrypted original message 65 and the digital signature 80 are decrypted to recover the original message 40 and the transmitted message digest 75, respectively. Next, the same hash algorithm 85 as was performed at the first node 10 is applied. The result 90 (referred to as the "received message digest") is compared with the transmitted message digest 75. If the transmitted message digest 75 is the same as the received message digest 90, communication between the two legitimate nodes is maintained.

Referring to FIG. 4, an embodiment of a computer system 100 using the present invention is shown. The computer system 100 includes a plurality of bus agents, including a host processor 105, a memory device 110, an input/output ("I/O") control device 115, and a cryptographic device 120 called a "hardware agent". The bus agents are connected to one another via a system bus 130 so that information can be transmitted between them.

Although only the host processor 105 is shown in this embodiment, it is contemplated that a plurality of host processors may also be used, as is well known in the computer arts. Further, the memory device 110 may include dynamic random access memory ("DRAM"), read only memory ("ROM"), video random access memory ("VRAM"), and the like.
The memory device 110 stores information used by the host processor 105.

The I/O control device 115 is an interface between the I/O bus 135 and the system bus 130, and provides a communication path (i.e., a gateway) for transferring information between components coupled to the system bus 130 or the I/O bus 135. The I/O bus 135 transfers information to and from at least one peripheral device in the computer system 100. These peripheral devices include, but are not limited to, a display device 140 (e.g., a cathode ray tube, a liquid crystal display, etc.), an alphanumeric input device 145 (e.g., an alphanumeric keyboard) for communicating command selections, a cursor control device 150 (e.g., a mouse, trackball, touch pad, etc.), a mass data storage device 155 (e.g., magnetic tapes, hard disk drives, floppy disk drives), an information transceiver device 160 (e.g., a fax machine, modem, scanner, etc.) for transmitting information from the computer system 100 to other devices, and a hard copy device 165 (e.g., a plotter, etc.) that provides a tangible, visual representation. The computer system 100 shown may use some or all of these components, or other components.

Referring next to the illustrated embodiment of the present invention, the hardware agent 120 is coupled to the system bus 130, which establishes a communication path with the host processor 105, as well as with the memory and I/O control devices (not shown). The hardware agent 120 includes a single integrated circuit in the form of a die 121 (e.g., a microcontroller) encapsulated in an integrated circuit component package 122 to protect the die 121 from damage and harmful contaminants. The die 121 includes a processing unit 123 coupled to a storage element 124, a bus interface 125, and a random number generator 126.
The bus interface 125 enables communication from the hardware agent 120 to another device (e.g., the host processor, another hardware agent in another device, etc.). The processing unit 123 performs calculations internally, within the secured environment of the die 121, to confirm a valid connection with an authorized recipient. Such calculations include executing specific algorithms and protocols and activating circuitry (e.g., the random number generator 126, which is preferably random in nature) that generates the device-specific public/private key pair and the like. The processing unit 123 is placed within the die 121 to prevent access to the private key through a virus attack, which is a common method of disrupting a computer system to obtain its private keys and other information.

As shown in the figure, the storage element 124 includes a non-volatile memory element 127, such as flash memory, which stores a suitable cryptographic algorithm such as "RSA" or "DES", a public/private key pair 127a, a digital certificate (labeled "DC") 127b for verifying that the key pair is authentic, and the public key ("PUKM") 127c of the manufacturer of the integrated circuit component, which allows communication between the integrated circuit component and other similar devices manufactured by that manufacturer (described in detail with reference to FIG. 6). The non-volatile memory 127 is used primarily because it retains its contents even when power is turned off. The storage element 124 further includes random access memory ("RAM") 128 for storing particular results from the processing unit 123.

Although the hardware agent 120 is implemented as a peripheral device connected to the system bus 130 for greater security, it is contemplated that the hardware agent 120 could be implemented in several other ways at the PC platform level (for example, as a disk controller or PCMCIA card that automatically decrypts or encrypts, or both, information coming into and going out of the hard disk).
In another alternative embodiment, the hardware agent would be one component of a multi-chip module that includes the host processor. In addition, although the hardware agent is described in connection with a PC platform, it is contemplated that such agents could be located in nodes such as fax machines, printers and the like, or on the communication path between a computer and an input/output peripheral.

Referring to FIG. 6, a flowchart of the operations for making the present invention is shown. First, at step 100, the hardware agent die is made according to any conventional, well-known semiconductor manufacturing technique. Next, the die is encapsulated in a semiconductor package to form the hardware agent itself (step 105). The hardware agent is placed on a certification system, and an electrical and mechanical connection is established between the hardware agent and the certification system (step 110). The certification system is equipped with a carrier coupled to a printed circuit board that generates and receives electrical signals for certification of the hardware agent. The certification system further includes a storage device (for example, a database) for the public keys generated so far. Thereafter, the certification system supplies power to the hardware agent, which in turn powers the random number generator so that a device-specific public/private key pair can be generated internally.

After the public/private key pair has been generated in the hardware agent, the public key of the pair is sent to the certification system (step 120). The public key is compared with the public keys stored in the storage device that were generated by previously manufactured hardware agents (step 125).
In the unlikely event that the public key is the same as one of the previously generated public keys (step 130), the certification system notifies the hardware agent to generate another public/private key pair (step 135), and the process continues from step 120 to ensure that each public/private key pair is unique.

If the public key is unique, the storage device is updated with that unique public key (step 140). Thereafter, at step 145, the certification system creates a unique device certificate for verifying that the key pair is authentic (hereinafter referred to as the "authentication device certificate"). The authentication device certificate includes at least the public key of the device, "signed" with the manufacturer's secret private key (i.e., roughly speaking, the device's public key is encrypted using the manufacturer's private key). This authentication device certificate is input to the hardware agent together with the manufacturer's publicly known public key (step 150), and the hardware agent permanently programs the unique public/private key pair, the authentication device certificate, and the manufacturer's public key into its non-volatile memory (step 155). It is contemplated, however, that the public key of another entity (e.g., a distributor) may be used instead of the manufacturer's, in which case the authentication device certificate would also need to change. At this point, the hardware agent is physically unique and can securely establish communication with other hardware agents.

After the hardware agent has been made, it is implemented in an electronic device such as the computer system 100. This can be accomplished by establishing a secure communication path between the licensee and the hardware agent using an authentication procedure such as challenge/response.
After the communication path has been secured, a valid license token is downloaded over the secure communication link into the flash memory of the hardware agent.

It is further contemplated that, rather than being transferred between hardware agents, a license token could be embedded in multiple hardware agents in either an "enabled" or a "disabled" state, with the token being enabled or disabled as needed.

Referring to FIGS. 7A and 7B, an embodiment of mutual remote authentication of two hardware agents is shown. In step 200, a communication link is established between an "unauthorized" first node incorporating a first hardware agent (i.e., a node not currently authorized to operate the licensed software application) and an authorized second node, incorporating a second hardware agent, that is licensed to operate the licensed software application. This communication link can be established via any conventional communication means, such as a modem or network. The first hardware agent outputs a message containing its unique authentication device certificate to the second hardware agent (step 205). Because the manufacturer's public key ("PUKM") is programmed into the non-volatile memory of both hardware agents, the second hardware agent decrypts the authentication device certificate using the manufacturer's public key ("PUKM") and obtains the public key of the first hardware agent (step 210). Thereafter, in steps 215 to 220, operations similar to those described for steps 205 to 210 are performed so that the first hardware agent obtains the public key ("PUK2") of the second hardware agent.

Then, in steps 225 and 230, the second hardware agent uses the derived public key of the first hardware agent to encrypt a challenge message according to a selected encryption algorithm (for example, RSA) and sends the challenge message to the first hardware agent.
In steps 235 and 240, the first hardware agent decrypts the challenge message using its private key ("PRK1"), generates a response message by encrypting the decrypted challenge message with the public key ("PUK2") of the second hardware agent, and sends the response message to the second hardware agent. The second hardware agent then decrypts the response using the private key ("PUK1") previously determined by decrypting the previously transmitted manufacturer's device certificate (step 245). In step 250, the second hardware agent compares the original challenge message with the decrypted response message and, if they are not the same, terminates the communication (step 255). If they are the same, a challenge/response procedure similar to that of steps 225 to 260 is performed in steps 260 to 290 to verify that the second hardware agent is actually receiving the information sent from the first hardware agent. Successful completion of these steps (steps 225 to 290) assures that both hardware agents are authentic and that the communication between them is secure (step 295).

Referring now to FIG. 7C, an embodiment of a process for securely transferring, under secure communication, a valid license token in the second hardware agent to the first hardware agent is shown. Once secure communication has been established, the first hardware agent asks the second hardware agent whether it holds a valid license token (step 300). If the system incorporating the second hardware agent does not have a valid license token (step 305), communication between the hardware agents ends (step 310). If, however, the system incorporating the second hardware agent does have a valid license token, it sends a message to that effect to the first hardware agent (step 315).
On receiving this message, the first hardware agent issues a request for transfer of the valid license token, which would allow the first hardware agent to operate the licensed software application (step 320). The second hardware agent responds to the transfer request by transferring the valid license token, thereby losing its own license privileges (step 325). The first hardware agent receives the valid license token, stores it in its non-volatile memory, and then sends the second hardware agent a message that the license token has been received, making its copy of the licensed software available for use (step 330). At this point, the communication ends (step 335). It is contemplated that an additional level of protocol integrity can be obtained by introducing challenge/response sequences between steps 320 and 325 and between steps 325 and 330. This prevents "replay" of a previous license token transfer event.

In parallel with the communication between the first and second hardware agents, each hardware agent stores the contents of the transmissions in non-volatile memory as an audit log. Therefore, if the connection is lost after the second hardware agent has disabled its copy but before the first hardware agent has enabled its copy, both hardware agents can review their audit logs after reconnecting to determine which hardware agent (if any) has permission to operate the licensed software application.

The invention described herein can be designed in many different ways and using many different configurations. Although the invention has been described with reference to various embodiments, one of ordinary skill in the art will be able to conceive other embodiments without departing from the spirit and scope of the invention. Therefore, the present invention should be determined by the appended claims.
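The certification flow of FIG. 6 (steps 120 to 155) and the mutual challenge/response and token hand-over of FIGS. 7A to 7C can be modelled as follows. This is an added illustration, not code from the patent: it uses toy textbook RSA without padding, models the device certificate as the device public key plus the manufacturer's signature over its hash, and all class and function names are assumptions.

```python
"""Toy model of the roving-license exchange (textbook RSA, no padding; illustration only)."""
import hashlib
import secrets

E = 65537  # public exponent used by every key in this model

def _probable_prime(n, rounds=16):
    if any(n % p == 0 for p in (3, 5, 7, 11, 13, 17, 19, 23, 29, 31)):
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):  # Miller-Rabin rounds with random bases
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _prime(bits):
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if c % E != 1 and _probable_prime(c):
            return c

def keygen(bits=512):
    """Return ((n, e), d): a public key and its private exponent."""
    p, q = _prime(bits // 2), _prime(bits // 2)
    while p == q:
        q = _prime(bits // 2)
    return (p * q, E), pow(E, -1, (p - 1) * (q - 1))

def _digest(pub):
    return int.from_bytes(hashlib.sha256(repr(pub).encode()).digest(), "big")

class HardwareAgent:
    def __init__(self, name):
        self.name, self.token, self.audit = name, None, []
        self.cert = self.pukm = None
        self.regenerate()

    def regenerate(self):
        self.pub, self._priv = keygen()  # key pair generated inside the agent

    def peer_key(self, cert):
        """Steps 210/220: check a device certificate against PUKM."""
        if cert is None or self.pukm is None:
            return None
        pub, sig = cert
        return pub if pow(sig, self.pukm[1], self.pukm[0]) == _digest(pub) else None

    def answer(self, enc_challenge, peer_pub):
        """Steps 235-240: decrypt with own PRK, re-encrypt under the peer's PUK."""
        plain = pow(enc_challenge, self._priv, self.pub[0])
        return pow(plain, peer_pub[1], peer_pub[0])

    def challenge_peer(self, peer):
        """Steps 225-255: return the peer's public key only if it proves possession."""
        peer_pub = self.peer_key(peer.cert)
        if peer_pub is None:
            return None
        nonce = secrets.randbits(128)  # fresh for every run
        reply = peer.answer(pow(nonce, peer_pub[1], peer_pub[0]), self.pub)
        return peer_pub if pow(reply, self._priv, self.pub[0]) == nonce else None

class Manufacturer:
    def __init__(self):
        self.pub, self._priv = keygen()
        self.issued = set()  # database of previously generated public keys

    def certify(self, agent):
        while agent.pub in self.issued:  # steps 130-135: duplicate, regenerate
            agent.regenerate()
        self.issued.add(agent.pub)  # step 140
        sig = pow(_digest(agent.pub), self._priv, self.pub[0])  # step 145
        agent.cert, agent.pukm = (agent.pub, sig), self.pub  # steps 150-155

def transfer_license(sender, receiver):
    """FIGS. 7A-7C: mutual authentication, then move the token to the receiver."""
    rx_pub = sender.challenge_peer(receiver)
    if rx_pub is None or receiver.challenge_peer(sender) is None:
        return False  # step 255: terminate
    if sender.token is None:  # steps 305-310: nothing to transfer
        return False
    wire = pow(sender.token, rx_pub[1], rx_pub[0])  # token encrypted for the receiver
    sender.token = None  # step 325: sender loses its privilege
    sender.audit.append(("released", receiver.name))
    receiver.token = pow(wire, receiver._priv, receiver.pub[0])
    receiver.audit.append(("received", sender.name))  # step 330
    return True

if __name__ == "__main__":
    m, a, b = Manufacturer(), HardwareAgent("node-1"), HardwareAgent("node-2")
    m.certify(a); m.certify(b); b.token = 0xC0FFEE  # constructed token value
    print(transfer_license(b, a), hex(a.token), b.token)
```

An agent that presents another device's valid certificate still fails `challenge_peer`, because it cannot decrypt the nonce without the matching private key.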
Continuation of front page

(81) Designated countries: EP (AT, BE, CH, DE, DK, ES, FR, GB, GR, IE, IT, LU, MC, NL, PT, SE), OA (BF, BJ, CF, CG, CI, CM, GA, GN, ML, MR, NE, SN, TD, TG), AP (KE, MW, SD, SZ, UG), AM, AT, AT, AU, BB, BG, BR, BY, CA, CH, CN, CZ, CZ, DE, DE, DK, DK, EE, ES, FI, FI, GB, GE, HU, IS, JP, KE, KG, KP, KR, KZ, LK, LR, LT, LU, LV, MD, MG, MK, MN, MW, MX, NO, NZ, PL, PT, RO, RU, SD, SE, SG, SI, SK, SK, TJ, TM, TT, UA, UG, UZ, VN
Claims (1)
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US08/303,084 US5473692A (en) | 1994-09-07 | 1994-09-07 | Roving software license for a hardware agent |
US08/303,084 | 1994-09-07 | ||
PCT/US1995/011136 WO1996008092A1 (en) | 1994-09-07 | 1995-09-01 | Roving software license for a hardware agent |
Publications (2)
Publication Number | Publication Date |
---|---|
JPH10507324A true JPH10507324A (en) | 1998-07-14 |
JP4294728B2 JP4294728B2 (en) | 2009-07-15 |
Family
ID=23170470
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
JP50959896A Expired - Fee Related JP4294728B2 (en) | 1994-09-07 | 1995-09-01 | Robbing software license for hardware agents |
Country Status (6)
Country | Link |
---|---|
US (2) | US5473692A (en) |
EP (1) | EP0780039A4 (en) |
JP (1) | JP4294728B2 (en) |
AU (1) | AU3583295A (en) |
RU (1) | RU2147790C1 (en) |
WO (1) | WO1996008092A1 (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2002527781A (en) * | 1998-10-06 | 2002-08-27 | コーニンクレッカ フィリップス エレクトロニクス エヌ ヴィ | Method and system for certificate management of consumer electronic devices |
JP2003500923A (en) * | 1999-05-21 | 2003-01-07 | インターナショナル・ビジネス・マシーンズ・コーポレーション | Method, computer program and device for initializing secure communication and exclusively pairing devices |
US6886095B1 (en) | 1999-05-21 | 2005-04-26 | International Business Machines Corporation | Method and apparatus for efficiently initializing secure communications among wireless devices |
JP2005535040A (en) * | 2002-08-06 | 2005-11-17 | プリヴァリス・インコーポレーテッド | Method for secure registration and backup of personal identification to an electronic device |
JP2011193477A (en) * | 1998-10-30 | 2011-09-29 | Virnet X Inc | Agile network protocol for secure communication with assured system availability |
Families Citing this family (471)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5870474A (en) | 1995-12-04 | 1999-02-09 | Scientific-Atlanta, Inc. | Method and apparatus for providing conditional access in connection-oriented, interactive networks with a multiplicity of service providers |
US6292568B1 (en) | 1966-12-16 | 2001-09-18 | Scientific-Atlanta, Inc. | Representing entitlements to service in a conditional access system |
US7028187B1 (en) | 1991-11-15 | 2006-04-11 | Citibank, N.A. | Electronic transaction apparatus for electronic commerce |
US5453601A (en) | 1991-11-15 | 1995-09-26 | Citibank, N.A. | Electronic-monetary system |
US5557518A (en) * | 1994-04-28 | 1996-09-17 | Citibank, N.A. | Trusted agents for open electronic commerce |
US6122403A (en) | 1995-07-27 | 2000-09-19 | Digimarc Corporation | Computer system linked by using information in data objects |
US6449377B1 (en) | 1995-05-08 | 2002-09-10 | Digimarc Corporation | Methods and systems for watermark processing of line art images |
DE69514908T2 (en) | 1994-02-24 | 2000-07-20 | Merdan Group Inc | METHOD AND DEVICE FOR ESTABLISHING A CRYPTOGRAPHIC CONNECTION BETWEEN ELEMENTS OF A SYSTEM |
US5787172A (en) * | 1994-02-24 | 1998-07-28 | The Merdan Group, Inc. | Apparatus and method for establishing a cryptographic link between elements of a system |
US6088797A (en) * | 1994-04-28 | 2000-07-11 | Rosen; Sholom S. | Tamper-proof electronic processing device |
US6185546B1 (en) * | 1995-10-04 | 2001-02-06 | Intel Corporation | Apparatus and method for providing secured communications |
JPH08263438A (en) | 1994-11-23 | 1996-10-11 | Xerox Corp | Distribution and use control system of digital work and access control method to digital work |
FR2727223B1 (en) * | 1994-11-23 | 1997-01-17 | Fast France Adv Sys Tech Sarl | SECURE MULTIFUNCTIONAL INPUT AND PROCESSING TERMINAL, ESPECIALLY FOR USE IN BANKING, GAMING AND ELECTRONIC DOCUMENT MANAGEMENT |
US6865551B1 (en) | 1994-11-23 | 2005-03-08 | Contentguard Holdings, Inc. | Removable content repositories |
US7117180B1 (en) | 1994-11-23 | 2006-10-03 | Contentguard Holdings, Inc. | System for controlling the use of digital works using removable content repositories |
US6963859B2 (en) | 1994-11-23 | 2005-11-08 | Contentguard Holdings, Inc. | Content rendering repository |
US5943422A (en) | 1996-08-12 | 1999-08-24 | Intertrust Technologies Corp. | Steganographic techniques for securely delivering electronic digital rights management control information over insecure communication channels |
US7133846B1 (en) | 1995-02-13 | 2006-11-07 | Intertrust Technologies Corp. | Digital certificate support system, methods and techniques for secure electronic commerce transaction and rights management |
WO1996027155A2 (en) | 1995-02-13 | 1996-09-06 | Electronic Publishing Resources, Inc. | Systems and methods for secure transaction management and electronic rights protection |
US5892900A (en) | 1996-08-30 | 1999-04-06 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
US7095854B1 (en) | 1995-02-13 | 2006-08-22 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
US7133845B1 (en) * | 1995-02-13 | 2006-11-07 | Intertrust Technologies Corp. | System and methods for secure transaction management and electronic rights protection |
US6658568B1 (en) | 1995-02-13 | 2003-12-02 | Intertrust Technologies Corporation | Trusted infrastructure support system, methods and techniques for secure electronic commerce transaction and rights management |
US6948070B1 (en) * | 1995-02-13 | 2005-09-20 | Intertrust Technologies Corporation | Systems and methods for secure transaction management and electronic rights protection |
US6157721A (en) | 1996-08-12 | 2000-12-05 | Intertrust Technologies Corp. | Systems and methods using cryptography to protect secure computing environments |
US6937729B2 (en) * | 1995-04-03 | 2005-08-30 | Scientific-Atlanta, Inc. | Representing entitlements to service in a conditional access system |
US7224798B2 (en) * | 1995-04-03 | 2007-05-29 | Scientific-Atlanta, Inc. | Methods and apparatus for providing a partial dual-encrypted stream in a conditional access overlay system |
US6560340B1 (en) | 1995-04-03 | 2003-05-06 | Scientific-Atlanta, Inc. | Method and apparatus for geographically limiting service in a conditional access system |
US8548166B2 (en) | 1995-04-03 | 2013-10-01 | Anthony J. Wasilewski | Method for partially encrypting program data |
US6157719A (en) * | 1995-04-03 | 2000-12-05 | Scientific-Atlanta, Inc. | Conditional access system |
US6252964B1 (en) | 1995-04-03 | 2001-06-26 | Scientific-Atlanta, Inc. | Authorization of services in a conditional access system |
US20040136532A1 (en) * | 1995-04-03 | 2004-07-15 | Pinder Howard G. | Partial dual-encrypted stream utilizing program map tables |
US6246767B1 (en) | 1995-04-03 | 2001-06-12 | Scientific-Atlanta, Inc. | Source authentication of download information in a conditional access system |
US6424717B1 (en) | 1995-04-03 | 2002-07-23 | Scientific-Atlanta, Inc. | Encryption devices for use in a conditional access system |
US6760463B2 (en) | 1995-05-08 | 2004-07-06 | Digimarc Corporation | Watermarking methods and media |
US5850450A (en) * | 1995-07-20 | 1998-12-15 | Dallas Semiconductor Corporation | Method and apparatus for encryption key creation |
DE69633877T2 (en) * | 1995-07-28 | 2005-11-03 | Sony Corp. | Control of an electronic system |
US5774652A (en) * | 1995-09-29 | 1998-06-30 | Smith; Perry | Restricted access computer system |
US6807534B1 (en) | 1995-10-13 | 2004-10-19 | Trustees Of Dartmouth College | System and method for managing copyrighted electronic media |
US7047241B1 (en) | 1995-10-13 | 2006-05-16 | Digimarc Corporation | System and methods for managing digital creative works |
US6075858A (en) * | 1995-10-27 | 2000-06-13 | Scm Microsystems (U.S.) Inc. | Encryption key system and method |
US5949881A (en) * | 1995-12-04 | 1999-09-07 | Intel Corporation | Apparatus and method for cryptographic companion imprinting |
US5826011A (en) * | 1995-12-26 | 1998-10-20 | Rainbow Technologies, Inc. | Method of metering and protecting computer software |
US6219423B1 (en) | 1995-12-29 | 2001-04-17 | Intel Corporation | System and method for digitally signing a digital agreement between remotely located nodes |
EP0872077B1 (en) * | 1995-12-29 | 2009-09-23 | Scientific-Atlanta, Inc. | Method and apparatus for providing conditional access in connection-oriented, interactive networks with a multiplicity of service providers |
US5835594A (en) * | 1996-02-09 | 1998-11-10 | Intel Corporation | Methods and apparatus for preventing unauthorized write access to a protected non-volatile storage |
US20010011253A1 (en) | 1998-08-04 | 2001-08-02 | Christopher D. Coley | Automated system for management of licensed software |
DE19612999C2 (en) * | 1996-03-22 | 1999-04-01 | Wasy Ges Fuer Wasserwirtschaft | System for protecting protected software against unauthorized use in computer networks |
US6088450A (en) * | 1996-04-17 | 2000-07-11 | Intel Corporation | Authentication system based on periodic challenge/response protocol |
GB9608696D0 (en) * | 1996-04-26 | 1996-07-03 | Europ Computer Ind Res | Electronic copy protection mechanism |
US6272538B1 (en) * | 1996-07-30 | 2001-08-07 | Micron Technology, Inc. | Method and system for establishing a security perimeter in computer networks |
US5835595A (en) * | 1996-09-04 | 1998-11-10 | At&T Corp | Method and apparatus for crytographically protecting data |
US5796941A (en) * | 1996-09-06 | 1998-08-18 | Catalyst Semiconductor, Inc. | Method for supervising software execution in a license restricted environment |
US5844986A (en) * | 1996-09-30 | 1998-12-01 | Intel Corporation | Secure BIOS |
US5828753A (en) * | 1996-10-25 | 1998-10-27 | Intel Corporation | Circuit and method for ensuring interconnect security within a multi-chip integrated circuit package |
US5949059A (en) * | 1996-12-09 | 1999-09-07 | International Business Machines Corporation | Tamper evident labelling system with embedded storage device |
US6144363A (en) * | 1996-12-16 | 2000-11-07 | Video Road Digital Inc. | Message status display |
GB9626241D0 (en) * | 1996-12-18 | 1997-02-05 | Ncr Int Inc | Secure data processing method and system |
US5818939A (en) * | 1996-12-18 | 1998-10-06 | Intel Corporation | Optimized security functionality in an electronic system |
US6021201A (en) * | 1997-01-07 | 2000-02-01 | Intel Corporation | Method and apparatus for integrated ciphering and hashing |
US6542610B2 (en) | 1997-01-30 | 2003-04-01 | Intel Corporation | Content protection for digital transmission systems |
US5920861A (en) | 1997-02-25 | 1999-07-06 | Intertrust Technologies Corp. | Techniques for defining using and manipulating rights management data structures |
US6233684B1 (en) | 1997-02-28 | 2001-05-15 | Contentguard Holdings, Inc. | System for controlling the distribution and use of rendered digital works through watermarking |
US6023763A (en) * | 1997-04-23 | 2000-02-08 | Fisher Controls International, Inc. | Method of and apparatus for protecting and upgrading software using a removable hardlock |
US6385723B1 (en) * | 1997-05-15 | 2002-05-07 | Mondex International Limited | Key transformation unit for an IC card |
US6003135A (en) * | 1997-06-04 | 1999-12-14 | Spyrus, Inc. | Modular security device |
US6088802A (en) * | 1997-06-04 | 2000-07-11 | Spyrus, Inc. | Peripheral device with integrated security functionality |
US6188995B1 (en) * | 1997-07-28 | 2001-02-13 | Apple Computer, Inc. | Method and apparatus for enforcing software licenses |
JP2001513587A (en) * | 1997-07-31 | 2001-09-04 | Scientific-Atlanta, Inc. | Verification of source of information program in conditional access system |
US7515712B2 (en) | 1997-08-01 | 2009-04-07 | Cisco Technology, Inc. | Mechanism and apparatus for encapsulation of entitlement authorization in conditional access system |
US6161180A (en) * | 1997-08-29 | 2000-12-12 | International Business Machines Corporation | Authentication for secure devices with limited cryptography |
US6151678A (en) * | 1997-09-09 | 2000-11-21 | Intel Corporation | Anti-theft mechanism for mobile computers |
WO1999015947A1 (en) | 1997-09-19 | 1999-04-01 | Hyo Joon Park | Software license control system based on independent software registration server |
US6061794A (en) * | 1997-09-30 | 2000-05-09 | Compaq Computer Corp. | System and method for performing secure device communications in a peer-to-peer bus architecture |
US5974143A (en) * | 1997-09-30 | 1999-10-26 | Intel Corporation | Virus-resistent mechanism for transaction verification to confirming user |
US6357004B1 (en) | 1997-09-30 | 2002-03-12 | Intel Corporation | System and method for ensuring integrity throughout post-processing |
US6023684A (en) * | 1997-10-01 | 2000-02-08 | Security First Technologies, Inc. | Three tier financial transaction system with cache memory |
EP1025503A4 (en) * | 1997-10-20 | 2002-03-27 | Quickflex Inc | Reconfigurable secure hardware apparatus and method of operation |
US6073237A (en) * | 1997-11-06 | 2000-06-06 | Cybercash, Inc. | Tamper resistant method and apparatus |
US6112181A (en) | 1997-11-06 | 2000-08-29 | Intertrust Technologies Corporation | Systems and methods for matching, selecting, narrowcasting, and/or classifying based on rights management and/or other information |
US6314521B1 (en) | 1997-11-26 | 2001-11-06 | International Business Machines Corporation | Secure configuration of a digital certificate for a printer or other network device |
US6134659A (en) * | 1998-01-07 | 2000-10-17 | Sprong; Katherine A. | Controlled usage software |
US6560706B1 (en) | 1998-01-26 | 2003-05-06 | Intel Corporation | Interface for ensuring system boot image integrity and authenticity |
US6216230B1 (en) | 1998-02-11 | 2001-04-10 | Durango Corporation | Notebook security system (NBS) |
US6189099B1 (en) | 1998-02-11 | 2001-02-13 | Durango Corporation | Notebook security system (NBS) |
USH1944H1 (en) | 1998-03-24 | 2001-02-06 | Lucent Technologies Inc. | Firewall security method and apparatus |
BE1012292A3 (en) * | 1998-03-26 | 2000-09-05 | Int Management Services Afgeko | Method for identifying computer data, units to realise this method and the network that uses this method |
US6341351B1 (en) * | 1998-05-07 | 2002-01-22 | Banctec, Inc. | Method for communicating and controlling transactions between unsecured parties |
US6724895B1 (en) | 1998-06-18 | 2004-04-20 | Supersensor (Proprietary) Limited | Electronic identification system and method with source authenticity verification |
US6523118B1 (en) * | 1998-06-29 | 2003-02-18 | Koninklijke Philips Electronics N.V. | Secure cache for instruction and data protection |
US6105137A (en) * | 1998-07-02 | 2000-08-15 | Intel Corporation | Method and apparatus for integrity verification, authentication, and secure linkage of software modules |
US6401208B2 (en) | 1998-07-17 | 2002-06-04 | Intel Corporation | Method for BIOS authentication prior to BIOS execution |
US6320964B1 (en) | 1998-08-26 | 2001-11-20 | Intel Corporation | Cryptographic accelerator |
US6463535B1 (en) | 1998-10-05 | 2002-10-08 | Intel Corporation | System and method for verifying the integrity and authorization of software before execution in a local platform |
US7068787B1 (en) | 1998-10-23 | 2006-06-27 | Contentguard Holdings, Inc. | System and method for protection of digital works |
US6609199B1 (en) * | 1998-10-26 | 2003-08-19 | Microsoft Corporation | Method and apparatus for authenticating an open system application to a portable IC device |
US20050060549A1 (en) * | 1998-10-26 | 2005-03-17 | Microsoft Corporation | Controlling access to content based on certificates and access predicates |
US7174457B1 (en) | 1999-03-10 | 2007-02-06 | Microsoft Corporation | System and method for authenticating an operating system to a central processing unit, providing the CPU/OS with secure storage, and authenticating the CPU/OS to a third party |
US6327652B1 (en) | 1998-10-26 | 2001-12-04 | Microsoft Corporation | Loading and identifying a digital rights management operating system |
US7194092B1 (en) * | 1998-10-26 | 2007-03-20 | Microsoft Corporation | Key-based secure storage |
US6820063B1 (en) * | 1998-10-26 | 2004-11-16 | Microsoft Corporation | Controlling access to content based on certificates and access predicates |
US7139915B2 (en) | 1998-10-26 | 2006-11-21 | Microsoft Corporation | Method and apparatus for authenticating an open system application to a portable IC device |
US6330670B1 (en) | 1998-10-26 | 2001-12-11 | Microsoft Corporation | Digital rights management operating system |
IL126988A0 (en) * | 1998-11-10 | 1999-09-22 | Elad Barkan | Marking system and method |
US6272469B1 (en) | 1998-11-25 | 2001-08-07 | Ge Medical Systems Global Technology Company, Llc | Imaging system protocol handling method and apparatus |
GB9827831D0 (en) * | 1998-12-17 | 1999-02-10 | Tribeka Ltd | Method and apparatus for the distribution of digitised information on demand |
US6282650B1 (en) | 1999-01-25 | 2001-08-28 | Intel Corporation | Secure public digital watermark |
US6389533B1 (en) | 1999-02-05 | 2002-05-14 | Intel Corporation | Anonymity server |
US6868497B1 (en) * | 1999-03-10 | 2005-03-15 | Digimarc Corporation | Method and apparatus for automatic ID management |
US7136838B1 (en) * | 1999-03-27 | 2006-11-14 | Microsoft Corporation | Digital license and method for obtaining/providing a digital license |
US6973444B1 (en) | 1999-03-27 | 2005-12-06 | Microsoft Corporation | Method for interdependently validating a digital content package and a corresponding digital license |
US7073063B2 (en) * | 1999-03-27 | 2006-07-04 | Microsoft Corporation | Binding a digital license to a portable device or the like in a digital rights management (DRM) system and checking out/checking in the digital license to/from the portable device or the like |
US7565546B2 (en) | 1999-03-30 | 2009-07-21 | Sony Corporation | System, method and apparatus for secure digital content transmission |
US6697489B1 (en) | 1999-03-30 | 2004-02-24 | Sony Corporation | Method and apparatus for securing control words |
US7730300B2 (en) | 1999-03-30 | 2010-06-01 | Sony Corporation | Method and apparatus for protecting the transfer of data |
US6643374B1 (en) | 1999-03-31 | 2003-11-04 | Intel Corporation | Duty cycle corrector for a random number generator |
US6795837B1 (en) | 1999-03-31 | 2004-09-21 | Intel Corporation | Programmable random bit source |
US6571335B1 (en) | 1999-04-01 | 2003-05-27 | Intel Corporation | System and method for authentication of off-chip processor firmware code |
US7286665B1 (en) | 1999-04-06 | 2007-10-23 | Contentguard Holdings, Inc. | System and method for transferring the right to decode messages |
US6937726B1 (en) | 1999-04-06 | 2005-08-30 | Contentguard Holdings, Inc. | System and method for protecting data files by periodically refreshing a decryption key |
US7356688B1 (en) | 1999-04-06 | 2008-04-08 | Contentguard Holdings, Inc. | System and method for document distribution |
US6859533B1 (en) | 1999-04-06 | 2005-02-22 | Contentguard Holdings, Inc. | System and method for transferring the right to decode messages in a symmetric encoding scheme |
US6651171B1 (en) * | 1999-04-06 | 2003-11-18 | Microsoft Corporation | Secure execution of program code |
US6389537B1 (en) * | 1999-04-23 | 2002-05-14 | Intel Corporation | Platform and method for assuring integrity of trusted agent communications |
US7134145B1 (en) * | 1999-04-30 | 2006-11-07 | Koninklijke Philips Electronics N.V. | Registering copy protected material in a check-out, check-in system |
FR2793367B1 (en) * | 1999-05-03 | 2004-09-10 | Jean Luc Stehle | AUTHENTICATION AND SECURITY DEVICE FOR A COMPUTER NETWORK |
EP1056014A1 (en) * | 1999-05-28 | 2000-11-29 | Hewlett-Packard Company | System for providing a trustworthy user interface |
US6647494B1 (en) | 1999-06-14 | 2003-11-11 | Intel Corporation | System and method for checking authorization of remote configuration operations |
US6633981B1 (en) | 1999-06-18 | 2003-10-14 | Intel Corporation | Electronic system and method for controlling access through user authentication |
GB9914262D0 (en) * | 1999-06-18 | 1999-08-18 | Nokia Mobile Phones Ltd | WIM Manufacture certificate |
US6629150B1 (en) | 1999-06-18 | 2003-09-30 | Intel Corporation | Platform and method for creating and using a digital container |
EP1076279A1 (en) * | 1999-08-13 | 2001-02-14 | Hewlett-Packard Company | Computer platforms and their methods of operation |
JP2003507784A (en) * | 1999-08-13 | 2003-02-25 | Hewlett-Packard Company | Mandatory restrictions on the use of stored data |
EP1085396A1 (en) | 1999-09-17 | 2001-03-21 | Hewlett-Packard Company | Operation of trusted state in computing platform |
GB9922665D0 (en) * | 1999-09-25 | 1999-11-24 | Hewlett Packard Co | A method of enforcing trusted functionality in a full function platform |
US7310735B1 (en) * | 1999-10-01 | 2007-12-18 | International Business Machines Corporation | Method, system, and program for distributing software between computer systems |
GB9923802D0 (en) * | 1999-10-08 | 1999-12-08 | Hewlett Packard Co | User authentication |
US6885748B1 (en) | 1999-10-23 | 2005-04-26 | Contentguard Holdings, Inc. | System and method for protection of digital works |
US6912513B1 (en) | 1999-10-29 | 2005-06-28 | Sony Corporation | Copy-protecting management using a user scrambling key |
US7039614B1 (en) * | 1999-11-09 | 2006-05-02 | Sony Corporation | Method for simulcrypting scrambled data to a plurality of conditional access devices |
EP1237326A4 (en) * | 1999-12-06 | 2007-09-05 | Sanyo Electric Co | Data distribution system and recorder for use therein |
EP1237323A4 (en) * | 1999-12-07 | 2005-09-07 | Sanyo Electric Co | Device for reproducing data |
US7032240B1 (en) * | 1999-12-07 | 2006-04-18 | Pace Anti-Piracy, Inc. | Portable authorization device for authorizing use of protected information and associated method |
US6757824B1 (en) | 1999-12-10 | 2004-06-29 | Microsoft Corporation | Client-side boot domains and boot rules |
DE19963471B4 (en) * | 1999-12-29 | 2008-10-09 | Robert Bosch Gmbh | Apparatus and method for preventing piracy of computer programs |
US7248693B1 (en) * | 2000-01-13 | 2007-07-24 | Hewlett-Packard Development Company, L.P. | Secure network-based system for the distributed printing of documents |
US7493497B1 (en) | 2000-02-03 | 2009-02-17 | Integrated Information Solutions | Digital identity device |
US7225164B1 (en) | 2000-02-15 | 2007-05-29 | Sony Corporation | Method and apparatus for implementing revocation in broadcast networks |
US6990579B1 (en) | 2000-03-31 | 2006-01-24 | Intel Corporation | Platform and method for remote attestation of a platform |
US6687721B1 (en) | 2000-03-31 | 2004-02-03 | Intel Corporation | Random number generator with entropy accumulation |
US7013484B1 (en) | 2000-03-31 | 2006-03-14 | Intel Corporation | Managing a secure environment using a chipset in isolated execution mode |
US6792438B1 (en) * | 2000-03-31 | 2004-09-14 | Intel Corporation | Secure hardware random number generator |
US6633963B1 (en) | 2000-03-31 | 2003-10-14 | Intel Corporation | Controlling access to multiple memory zones in an isolated execution environment |
US7013481B1 (en) | 2000-03-31 | 2006-03-14 | Intel Corporation | Attestation key memory device and bus |
US7356817B1 (en) | 2000-03-31 | 2008-04-08 | Intel Corporation | Real-time scheduling of virtual machines |
US6507904B1 (en) | 2000-03-31 | 2003-01-14 | Intel Corporation | Executing isolated mode instructions in a secure system running in privilege rings |
US6934817B2 (en) | 2000-03-31 | 2005-08-23 | Intel Corporation | Controlling access to multiple memory zones in an isolated execution environment |
US7082615B1 (en) | 2000-03-31 | 2006-07-25 | Intel Corporation | Protecting software environment in isolated execution |
US6996710B1 (en) | 2000-03-31 | 2006-02-07 | Intel Corporation | Platform and method for issuing and certifying a hardware-protected attestation key |
US6769058B1 (en) | 2000-03-31 | 2004-07-27 | Intel Corporation | Resetting a processor in an isolated execution environment |
US7111176B1 (en) | 2000-03-31 | 2006-09-19 | Intel Corporation | Generating isolated bus cycles for isolated execution |
US6754815B1 (en) | 2000-03-31 | 2004-06-22 | Intel Corporation | Method and system for scrubbing an isolated area of memory after reset of a processor operating in isolated execution mode if a cleanup flag is set |
US6957332B1 (en) | 2000-03-31 | 2005-10-18 | Intel Corporation | Managing a secure platform using a hierarchical executive architecture in isolated execution mode |
US7073071B1 (en) | 2000-03-31 | 2006-07-04 | Intel Corporation | Platform and method for generating and utilizing a protected audit log |
US7194634B2 (en) | 2000-03-31 | 2007-03-20 | Intel Corporation | Attestation key memory device and bus |
US6795905B1 (en) | 2000-03-31 | 2004-09-21 | Intel Corporation | Controlling accesses to isolated memory using a memory controller for isolated execution |
US6760441B1 (en) | 2000-03-31 | 2004-07-06 | Intel Corporation | Generating a key hieararchy for use in an isolated execution environment |
US6678825B1 (en) | 2000-03-31 | 2004-01-13 | Intel Corporation | Controlling access to multiple isolated memories in an isolated execution environment |
US7089418B1 (en) | 2000-03-31 | 2006-08-08 | Intel Corporation | Managing accesses in a processor for isolated execution |
US20030206631A1 (en) * | 2000-06-22 | 2003-11-06 | Candelore Brant L. | Method and apparatus for scrambling program data for furture viewing |
US6976162B1 (en) | 2000-06-28 | 2005-12-13 | Intel Corporation | Platform and method for establishing provable identities while maintaining privacy |
US6678833B1 (en) | 2000-06-30 | 2004-01-13 | Intel Corporation | Protection of boot block data and accurate reporting of boot block contents |
US7552333B2 (en) * | 2000-08-04 | 2009-06-23 | First Data Corporation | Trusted authentication digital signature (tads) system |
CA2417770C (en) * | 2000-08-04 | 2011-10-25 | First Data Corporation | Trusted authentication digital signature (tads) system |
GB0020441D0 (en) * | 2000-08-18 | 2000-10-04 | Hewlett Packard Co | Performance of a service on a computing platform |
DE50007300D1 (en) * | 2000-08-24 | 2004-09-09 | Wibu Systems Ag | Process for the protection of computer software and / or computer-readable data and protective device |
US7603319B2 (en) | 2000-08-28 | 2009-10-13 | Contentguard Holdings, Inc. | Method and apparatus for preserving customer identity in on-line transactions |
US7743259B2 (en) | 2000-08-28 | 2010-06-22 | Contentguard Holdings, Inc. | System and method for digital rights management using a standard rendering engine |
US6931545B1 (en) | 2000-08-28 | 2005-08-16 | Contentguard Holdings, Inc. | Systems and methods for integrity certification and verification of content consumption environments |
US7073199B1 (en) | 2000-08-28 | 2006-07-04 | Contentguard Holdings, Inc. | Document distribution management method and apparatus using a standard rendering engine and a method and apparatus for controlling a standard rendering engine |
DE10043499A1 (en) * | 2000-09-01 | 2002-03-14 | Bosch Gmbh Robert | Data transmission method |
US7194759B1 (en) * | 2000-09-15 | 2007-03-20 | International Business Machines Corporation | Used trusted co-servers to enhance security of web interaction |
EP1352307A2 (en) * | 2000-09-22 | 2003-10-15 | ECD Systems, Inc. | Systems and methods for preventing unauthorized use of digital content |
US7237123B2 (en) | 2000-09-22 | 2007-06-26 | Ecd Systems, Inc. | Systems and methods for preventing unauthorized use of digital content |
US7793111B1 (en) | 2000-09-28 | 2010-09-07 | Intel Corporation | Mechanism to handle events in a machine with isolated execution |
US7389427B1 (en) | 2000-09-28 | 2008-06-17 | Intel Corporation | Mechanism to secure computer output from software attack using isolated execution |
US7343324B2 (en) | 2000-11-03 | 2008-03-11 | Contentguard Holdings Inc. | Method, system, and computer readable medium for automatically publishing content |
US7962416B1 (en) * | 2000-11-22 | 2011-06-14 | Ge Medical Technology Services, Inc. | Method and system to remotely enable software-based options for a trial period |
US6938164B1 (en) | 2000-11-22 | 2005-08-30 | Microsoft Corporation | Method and system for allowing code to be securely initialized in a computer |
GB2376763B (en) | 2001-06-19 | 2004-12-15 | Hewlett Packard Co | Demonstrating integrity of a compartment of a compartmented operating system |
US7080406B2 (en) * | 2000-12-15 | 2006-07-18 | International Business Machines Corporation | Method for transferring privilege access to a resource manager with subsequent loss of privilege by the initiating identity |
US7266704B2 (en) | 2000-12-18 | 2007-09-04 | Digimarc Corporation | User-friendly rights management systems and methods |
US8055899B2 (en) | 2000-12-18 | 2011-11-08 | Digimarc Corporation | Systems and methods using digital watermarking and identifier extraction to provide promotional opportunities |
US7073062B2 (en) * | 2000-12-19 | 2006-07-04 | International Business Machines Corporation | Method and apparatus to mutually authentication software modules |
US7215781B2 (en) * | 2000-12-22 | 2007-05-08 | Intel Corporation | Creation and distribution of a secret value between two devices |
US7035963B2 (en) | 2000-12-27 | 2006-04-25 | Intel Corporation | Method for resolving address space conflicts between a virtual machine monitor and a guest operating system |
US7818808B1 (en) | 2000-12-27 | 2010-10-19 | Intel Corporation | Processor mode for limiting the operation of guest software running on a virtual machine supported by a virtual machine monitor |
US6907600B2 (en) | 2000-12-27 | 2005-06-14 | Intel Corporation | Virtual translation lookaside buffer |
US7225441B2 (en) * | 2000-12-27 | 2007-05-29 | Intel Corporation | Mechanism for providing power management through virtualization |
US6948065B2 (en) | 2000-12-27 | 2005-09-20 | Intel Corporation | Platform and method for securely transmitting an authorization secret |
US7117376B2 (en) * | 2000-12-28 | 2006-10-03 | Intel Corporation | Platform and method of creating a secure boot that enforces proper user authentication and enforces hardware configurations |
US6912294B2 (en) | 2000-12-29 | 2005-06-28 | Contentguard Holdings, Inc. | Multi-stage watermarking process and system |
US7350083B2 (en) * | 2000-12-29 | 2008-03-25 | Intel Corporation | Integrated circuit chip having firmware and hardware security primitive device(s) |
US20020152393A1 (en) * | 2001-01-09 | 2002-10-17 | Johannes Thoma | Secure extensible computing environment |
US7028009B2 (en) | 2001-01-17 | 2006-04-11 | Contentguard Holdings, Inc. | Method and apparatus for distributing enforceable property rights |
US7774279B2 (en) | 2001-05-31 | 2010-08-10 | Contentguard Holdings, Inc. | Rights offering and granting |
US7206765B2 (en) | 2001-01-17 | 2007-04-17 | Contentguard Holdings, Inc. | System and method for supplying and managing usage rights based on rules |
US8069116B2 (en) | 2001-01-17 | 2011-11-29 | Contentguard Holdings, Inc. | System and method for supplying and managing usage rights associated with an item repository |
US6754642B2 (en) | 2001-05-31 | 2004-06-22 | Contentguard Holdings, Inc. | Method and apparatus for dynamically assigning usage rights to digital works |
CN101369299B (en) | 2001-01-17 | 2010-06-09 | Contentguard Holdings, Inc. | Method and apparatus for managing digital content usage rights |
US7310734B2 (en) * | 2001-02-01 | 2007-12-18 | 3M Innovative Properties Company | Method and system for securing a computer network and personal identification device used therein for controlling access to network components |
GB2372345A (en) * | 2001-02-17 | 2002-08-21 | Hewlett Packard Co | Secure email handling using a compartmented operating system |
US6662284B2 (en) * | 2001-02-20 | 2003-12-09 | Hewlett-Packard Development Company, L.P. | Computer apparatus, method and memory including license key |
GB2372595A (en) | 2001-02-23 | 2002-08-28 | Hewlett Packard Co | Method of and apparatus for ascertaining the status of a data processing environment. |
GB2372593B (en) * | 2001-02-23 | 2005-05-18 | Hewlett Packard Co | Electronic communication |
GB2372592B (en) | 2001-02-23 | 2005-03-30 | Hewlett Packard Co | Information system |
WO2002073380A1 (en) * | 2001-03-07 | 2002-09-19 | Tan Aureliano Jr | Digital identity device |
US7096497B2 (en) * | 2001-03-30 | 2006-08-22 | Intel Corporation | File checking using remote signing authority via a network |
US20020144121A1 (en) * | 2001-03-30 | 2002-10-03 | Ellison Carl M. | Checking file integrity using signature generated in isolated execution |
US7272831B2 (en) * | 2001-03-30 | 2007-09-18 | Intel Corporation | Method and apparatus for constructing host processor soft devices independent of the host processor operating system |
US8909555B2 (en) * | 2001-04-24 | 2014-12-09 | Hewlett-Packard Development Company, L.P. | Information security system |
WO2002091146A2 (en) | 2001-05-09 | 2002-11-14 | Ecd Systems, Inc. | Systems and methods for the prevention of unauthorized use and manipulation of digital content |
EP2273342A1 (en) * | 2001-05-24 | 2011-01-12 | Sony Corporation | Service providing method and integrated circuit |
US6876984B2 (en) | 2001-05-31 | 2005-04-05 | Contentguard Holdings, Inc. | Method and apparatus for establishing usage rights for digital content to be created in the future |
US7152046B2 (en) | 2001-05-31 | 2006-12-19 | Contentguard Holdings, Inc. | Method and apparatus for tracking status of resource in a system for managing use of the resources |
US8275716B2 (en) | 2001-05-31 | 2012-09-25 | Contentguard Holdings, Inc. | Method and system for subscription digital rights management |
US6895503B2 (en) | 2001-05-31 | 2005-05-17 | Contentguard Holdings, Inc. | Method and apparatus for hierarchical assignment of rights to documents and documents having such rights |
US7725401B2 (en) | 2001-05-31 | 2010-05-25 | Contentguard Holdings, Inc. | Method and apparatus for establishing usage rights for digital content to be created in the future |
US6973445B2 (en) | 2001-05-31 | 2005-12-06 | Contentguard Holdings, Inc. | Demarcated digital content and method for creating and processing demarcated digital works |
US8001053B2 (en) | 2001-05-31 | 2011-08-16 | Contentguard Holdings, Inc. | System and method for rights offering and granting using shared state variables |
US6976009B2 (en) | 2001-05-31 | 2005-12-13 | Contentguard Holdings, Inc. | Method and apparatus for assigning consequential rights to documents and documents having such rights |
US8099364B2 (en) | 2001-05-31 | 2012-01-17 | Contentguard Holdings, Inc. | Digital rights management of content when content is a future live event |
US8275709B2 (en) | 2001-05-31 | 2012-09-25 | Contentguard Holdings, Inc. | Digital rights management of content when content is a future live event |
US7222104B2 (en) | 2001-05-31 | 2007-05-22 | Contentguard Holdings, Inc. | Method and apparatus for transferring usage rights and digital work having transferrable usage rights |
GB2376313A (en) * | 2001-06-04 | 2002-12-11 | Hewlett Packard Co | Indicating to a user if they are connected to a trusted computer platform |
US7350082B2 (en) | 2001-06-06 | 2008-03-25 | Sony Corporation | Upgrading of encryption |
US7124303B2 (en) | 2001-06-06 | 2006-10-17 | Sony Corporation | Elementary stream partial encryption |
US7895616B2 (en) | 2001-06-06 | 2011-02-22 | Sony Corporation | Reconstitution of program streams split across multiple packet identifiers |
US7747853B2 (en) | 2001-06-06 | 2010-06-29 | Sony Corporation | IP delivery of secure digital content |
JP2004530222A (en) | 2001-06-07 | 2004-09-30 | Contentguard Holdings, Inc. | Method and apparatus for supporting multiple zones of trust in a digital rights management system |
EP1323018A4 (en) | 2001-06-07 | 2004-07-07 | Contentguard Holdings Inc | Protected content distribution system |
US7774280B2 (en) * | 2001-06-07 | 2010-08-10 | Contentguard Holdings, Inc. | System and method for managing transfer of rights using shared state variables |
GB2376764B (en) * | 2001-06-19 | 2004-12-29 | Hewlett Packard Co | Multiple trusted computing environments |
GB2376765B (en) | 2001-06-19 | 2004-12-29 | Hewlett Packard Co | Multiple trusted computing environments with verifiable environment identities |
GB2376761A (en) * | 2001-06-19 | 2002-12-24 | Hewlett Packard Co | An arrangement in which a process is run on a host operating system but may be switched to a guest system if it poses a security risk |
US20030005317A1 (en) * | 2001-06-28 | 2003-01-02 | Audebert Yves Louis Gabriel | Method and system for generating and verifying a key protection certificate |
WO2003009195A1 (en) * | 2001-07-16 | 2003-01-30 | Dmitry Alexandrovich Gertner | Individual cryptoprotective crafe complex |
US7191440B2 (en) | 2001-08-15 | 2007-03-13 | Intel Corporation | Tracking operating system process and thread execution and virtual machine execution in hardware or in a virtual machine monitor |
US7137000B2 (en) | 2001-08-24 | 2006-11-14 | Zih Corp. | Method and apparatus for article authentication |
JP2003122537A (en) * | 2001-10-15 | 2003-04-25 | Minolta Co Ltd | License management device and management system |
US7024555B2 (en) | 2001-11-01 | 2006-04-04 | Intel Corporation | Apparatus and method for unilaterally loading a secure operating system within a multiprocessor environment |
US7243230B2 (en) | 2001-11-16 | 2007-07-10 | Microsoft Corporation | Transferring application secrets in a trusted operating system environment |
US7159240B2 (en) * | 2001-11-16 | 2007-01-02 | Microsoft Corporation | Operating system upgrades in a trusted operating system environment |
US7137004B2 (en) | 2001-11-16 | 2006-11-14 | Microsoft Corporation | Manifest-based trusted agent management in a trusted operating system environment |
GB2382419B (en) * | 2001-11-22 | 2005-12-14 | Hewlett Packard Co | Apparatus and method for creating a trusted environment |
US7103771B2 (en) * | 2001-12-17 | 2006-09-05 | Intel Corporation | Connecting a virtual token to a physical token |
US20030126454A1 (en) * | 2001-12-28 | 2003-07-03 | Glew Andrew F. | Authenticated code method and apparatus |
US20030126453A1 (en) * | 2001-12-31 | 2003-07-03 | Glew Andrew F. | Processor supporting execution of an authenticated code instruction |
US7308576B2 (en) * | 2001-12-31 | 2007-12-11 | Intel Corporation | Authenticated code module |
US7218738B2 (en) | 2002-01-02 | 2007-05-15 | Sony Corporation | Encryption and content control in a digital broadcast system |
US7215770B2 (en) | 2002-01-02 | 2007-05-08 | Sony Corporation | System and method for partially encrypted multimedia stream |
US7765567B2 (en) | 2002-01-02 | 2010-07-27 | Sony Corporation | Content replacement by PID mapping |
US7233669B2 (en) | 2002-01-02 | 2007-06-19 | Sony Corporation | Selective encryption to enable multiple decryption keys |
US7155012B2 (en) | 2002-01-02 | 2006-12-26 | Sony Corporation | Slice mask and moat pattern partial encryption |
US7242773B2 (en) | 2002-09-09 | 2007-07-10 | Sony Corporation | Multiple partial encryption using retuning |
US7039938B2 (en) | 2002-01-02 | 2006-05-02 | Sony Corporation | Selective encryption for video on demand |
US7376233B2 (en) | 2002-01-02 | 2008-05-20 | Sony Corporation | Video slice and active region based multiple partial encryption |
US7823174B2 (en) | 2002-01-02 | 2010-10-26 | Sony Corporation | Macro-block based content replacement by PID mapping |
US7302059B2 (en) | 2002-01-02 | 2007-11-27 | Sony Corporation | Star pattern partial encryption |
US7292691B2 (en) | 2002-01-02 | 2007-11-06 | Sony Corporation | Progressive video refresh slice detection |
US7480806B2 (en) * | 2002-02-22 | 2009-01-20 | Intel Corporation | Multi-token seal and unseal |
WO2003073688A1 (en) * | 2002-02-22 | 2003-09-04 | Emc Corporation | Authenticating hardware devices incorporating digital certificates |
US7124273B2 (en) * | 2002-02-25 | 2006-10-17 | Intel Corporation | Method and apparatus for translating guest physical addresses in a virtual machine environment |
US7631196B2 (en) | 2002-02-25 | 2009-12-08 | Intel Corporation | Method and apparatus for loading a trustable operating system |
US7028149B2 (en) * | 2002-03-29 | 2006-04-11 | Intel Corporation | System and method for resetting a platform configuration register |
US7069442B2 (en) | 2002-03-29 | 2006-06-27 | Intel Corporation | System and method for execution of a secured environment initialization instruction |
US20030191943A1 (en) * | 2002-04-05 | 2003-10-09 | Poisner David I. | Methods and arrangements to register code |
EP1353259B1 (en) * | 2002-04-08 | 2006-06-14 | Aladdin Knowledge Systems (Deutschland) GmbH | Method of upgrading and licensing computer programs and computer system therefor |
US20030196096A1 (en) * | 2002-04-12 | 2003-10-16 | Sutton James A. | Microcode patch authentication |
US7076669B2 (en) * | 2002-04-15 | 2006-07-11 | Intel Corporation | Method and apparatus for communicating securely with a token |
US7058807B2 (en) * | 2002-04-15 | 2006-06-06 | Intel Corporation | Validation of inclusion of a platform within a data center |
US20030196100A1 (en) * | 2002-04-15 | 2003-10-16 | Grawrock David W. | Protection against memory attacks following reset |
US7127548B2 (en) | 2002-04-16 | 2006-10-24 | Intel Corporation | Control register access virtualization performance improvement in the virtual-machine architecture |
US7487365B2 (en) * | 2002-04-17 | 2009-02-03 | Microsoft Corporation | Saving and retrieving data based on symmetric key encryption |
US7890771B2 (en) | 2002-04-17 | 2011-02-15 | Microsoft Corporation | Saving and retrieving data based on public key encryption |
US7139890B2 (en) * | 2002-04-30 | 2006-11-21 | Intel Corporation | Methods and arrangements to interface memory |
US7530084B2 (en) | 2002-05-28 | 2009-05-05 | Sony Corporation | Method and apparatus for synchronizing dynamic graphics |
US7478233B2 (en) * | 2002-05-30 | 2009-01-13 | Microsoft Corporation | Prevention of software tampering |
US20030228911A1 (en) * | 2002-06-05 | 2003-12-11 | Dernis Mitchell S. | DVD-enabling code server and loader for a console-based gaming system |
US20050137018A1 (en) * | 2002-06-05 | 2005-06-23 | Microsoft Corporation | DVD-enabling dongle for a console-based gaming system |
US20030229794A1 (en) * | 2002-06-07 | 2003-12-11 | Sutton James A. | System and method for protection against untrusted system management code by redirecting a system management interrupt and creating a virtual machine container |
US6820177B2 (en) | 2002-06-12 | 2004-11-16 | Intel Corporation | Protected configuration space in a protected environment |
US7142674B2 (en) | 2002-06-18 | 2006-11-28 | Intel Corporation | Method of confirming a secure key exchange |
RU2300844C2 (en) * | 2002-06-18 | 2007-06-10 | Ооо "Крейф" | Personal cryptoprotection system |
US7296154B2 (en) * | 2002-06-24 | 2007-11-13 | Microsoft Corporation | Secure media path methods, systems, and architectures |
US7392415B2 (en) * | 2002-06-26 | 2008-06-24 | Intel Corporation | Sleep protection |
US20040003321A1 (en) * | 2002-06-27 | 2004-01-01 | Glew Andrew F. | Initialization of protected system |
US7124327B2 (en) | 2002-06-29 | 2006-10-17 | Intel Corporation | Control over faults occurring during the operation of guest software in the virtual-machine architecture |
US6996748B2 (en) | 2002-06-29 | 2006-02-07 | Intel Corporation | Handling faults associated with operation of guest software in the virtual-machine architecture |
US7454784B2 (en) * | 2002-07-09 | 2008-11-18 | Harvinder Sahota | System and method for identity verification |
US7111171B2 (en) * | 2002-07-09 | 2006-09-19 | Kaleidescope, Inc. | Parallel distribution and fingerprinting of digital content |
US7296267B2 (en) * | 2002-07-12 | 2007-11-13 | Intel Corporation | System and method for binding virtual machines to hardware contexts |
US9349411B2 (en) * | 2002-07-16 | 2016-05-24 | Digimarc Corporation | Digital watermarking and fingerprinting applications for copy protection |
EP1429224A1 (en) * | 2002-12-10 | 2004-06-16 | Texas Instruments Incorporated | Firmware run-time authentication |
CN102737180A (en) * | 2002-08-08 | 2012-10-17 | 晟碟以色列有限公司 | Integrated circuit for digital rights management |
NO20023860D0 (en) * | 2002-08-14 | 2002-08-14 | Sospita As | Procedure for generating and processing data streams containing encrypted and decrypted data |
US7770212B2 (en) * | 2002-08-15 | 2010-08-03 | Activcard | System and method for privilege delegation and control |
GB2392262A (en) * | 2002-08-23 | 2004-02-25 | Hewlett Packard Co | A method of controlling the processing of data |
US8818896B2 (en) | 2002-09-09 | 2014-08-26 | Sony Corporation | Selective encryption with coverage encryption |
US8572408B2 (en) | 2002-11-05 | 2013-10-29 | Sony Corporation | Digital rights management of a digital device |
US7724907B2 (en) | 2002-11-05 | 2010-05-25 | Sony Corporation | Mechanism for protecting the transfer of digital content |
US7165181B2 (en) | 2002-11-27 | 2007-01-16 | Intel Corporation | System and method for establishing trust without revealing identity |
US7073042B2 (en) | 2002-12-12 | 2006-07-04 | Intel Corporation | Reclaiming existing fields in address translation data structures to extend control over memory accesses |
US8645988B2 (en) | 2002-12-13 | 2014-02-04 | Sony Corporation | Content personalization for digital content |
US8667525B2 (en) | 2002-12-13 | 2014-03-04 | Sony Corporation | Targeted advertisement selection from a digital stream |
US7318235B2 (en) | 2002-12-16 | 2008-01-08 | Intel Corporation | Attestation using both fixed token and portable token |
US20040117318A1 (en) * | 2002-12-16 | 2004-06-17 | Grawrock David W. | Portable token controlling trusted environment launch |
US7318141B2 (en) | 2002-12-17 | 2008-01-08 | Intel Corporation | Methods and systems to control virtual machines |
US7793286B2 (en) * | 2002-12-19 | 2010-09-07 | Intel Corporation | Methods and systems to manage machine state in virtual machine operations |
US7900017B2 (en) * | 2002-12-27 | 2011-03-01 | Intel Corporation | Mechanism for remapping post virtual machine memory pages |
US20040128465A1 (en) * | 2002-12-30 | 2004-07-01 | Lee Micheil J. | Configurable memory bus width |
US7076802B2 (en) * | 2002-12-31 | 2006-07-11 | Intel Corporation | Trusted system clock |
US7370212B2 (en) | 2003-02-25 | 2008-05-06 | Microsoft Corporation | Issuing a publisher use license off-line in a digital rights management (DRM) system |
US7409702B2 (en) | 2003-03-20 | 2008-08-05 | Sony Corporation | Auxiliary program association table |
US7292692B2 (en) | 2003-03-25 | 2007-11-06 | Sony Corporation | Content scrambling with minimal impact on legacy devices |
US8041957B2 (en) | 2003-04-08 | 2011-10-18 | Qualcomm Incorporated | Associating software with hardware using cryptography |
EA015549B1 (en) * | 2003-06-05 | 2011-08-30 | Интертраст Текнолоджис Корпорейшн | Interoperable systems and methods for peer-to-peer service orchestration |
US7415708B2 (en) | 2003-06-26 | 2008-08-19 | Intel Corporation | Virtual machine management using processor state information |
US7177888B2 (en) | 2003-08-01 | 2007-02-13 | Intel Corporation | Programmable random bit source |
US7286667B1 (en) | 2003-09-15 | 2007-10-23 | Sony Corporation | Decryption system |
US7287197B2 (en) * | 2003-09-15 | 2007-10-23 | Intel Corporation | Vectoring an interrupt or exception upon resuming operation of a virtual machine |
US7424709B2 (en) | 2003-09-15 | 2008-09-09 | Intel Corporation | Use of multiple virtual machine monitors to handle privileged events |
US7739521B2 (en) | 2003-09-18 | 2010-06-15 | Intel Corporation | Method of obscuring cryptographic computations |
US7610611B2 (en) | 2003-09-19 | 2009-10-27 | Moran Douglas R | Prioritized address decoder |
US20050080934A1 (en) | 2003-09-30 | 2005-04-14 | Cota-Robles Erik C. | Invalidating translation lookaside buffer entries in a virtual machine (VM) system |
US7366305B2 (en) * | 2003-09-30 | 2008-04-29 | Intel Corporation | Platform and method for establishing trust without revealing identity |
US7177967B2 (en) | 2003-09-30 | 2007-02-13 | Intel Corporation | Chipset support for managing hardware interrupts in a virtual machine system |
US7237051B2 (en) | 2003-09-30 | 2007-06-26 | Intel Corporation | Mechanism to control hardware interrupt acknowledgement in a virtual machine system |
US8898657B2 (en) * | 2003-10-03 | 2014-11-25 | Cyberlink Corp. | System and method for licensing software |
US7979911B2 (en) | 2003-10-08 | 2011-07-12 | Microsoft Corporation | First computer process and second computer process proxy-executing code from third computer process on behalf of first process |
US7788496B2 (en) | 2003-10-08 | 2010-08-31 | Microsoft Corporation | First computer process and second computer process proxy-executing code on behalf thereof |
US8103592B2 (en) | 2003-10-08 | 2012-01-24 | Microsoft Corporation | First computer process and second computer process proxy-executing code on behalf of first process |
US7263187B2 (en) | 2003-10-31 | 2007-08-28 | Sony Corporation | Batch mode session-based encryption of video on demand content |
US7620180B2 (en) | 2003-11-03 | 2009-11-17 | Sony Corporation | Preparation of content for multiple conditional access methods in video on demand |
US7853980B2 (en) | 2003-10-31 | 2010-12-14 | Sony Corporation | Bi-directional indices for trick mode video-on-demand |
US7343013B2 (en) | 2003-12-16 | 2008-03-11 | Sony Corporation | Composite session-based encryption of video on demand content |
US7346163B2 (en) | 2003-10-31 | 2008-03-18 | Sony Corporation | Dynamic composition of pre-encrypted video on demand content |
US7636844B2 (en) | 2003-11-17 | 2009-12-22 | Intel Corporation | Method and system to provide a trusted channel within a computer system for a SIM device |
US8396216B2 (en) * | 2003-11-21 | 2013-03-12 | Howard G. Pinder | Partial dual-encryption using program map tables |
US8156343B2 (en) | 2003-11-26 | 2012-04-10 | Intel Corporation | Accessing private data about the state of a data processing machine from storage that is publicly accessible |
US8037314B2 (en) | 2003-12-22 | 2011-10-11 | Intel Corporation | Replacing blinded authentication authority |
US7711951B2 (en) * | 2004-01-08 | 2010-05-04 | International Business Machines Corporation | Method and system for establishing a trust framework based on smart key devices |
US7849326B2 (en) * | 2004-01-08 | 2010-12-07 | International Business Machines Corporation | Method and system for protecting master secrets using smart key devices |
US7802085B2 (en) | 2004-02-18 | 2010-09-21 | Intel Corporation | Apparatus and method for distributing private keys to an entity with minimal secret, unique information |
DE102004014435A1 (en) * | 2004-03-24 | 2005-11-17 | Siemens Ag | Arrangement with an integrated circuit |
US7356735B2 (en) | 2004-03-30 | 2008-04-08 | Intel Corporation | Providing support for single stepping a virtual machine in a virtual machine environment |
US7620949B2 (en) | 2004-03-31 | 2009-11-17 | Intel Corporation | Method and apparatus for facilitating recognition of an open event window during operation of guest software in a virtual machine environment |
US20060242406A1 (en) | 2005-04-22 | 2006-10-26 | Microsoft Corporation | Protected computing environment |
EP1594316A1 (en) | 2004-05-03 | 2005-11-09 | Thomson Licensing | Certificate validity checking |
US7490070B2 (en) | 2004-06-10 | 2009-02-10 | Intel Corporation | Apparatus and method for proving the denial of a direct proof signature |
WO2006012058A1 (en) * | 2004-06-28 | 2006-02-02 | Japan Communications, Inc. | Systems and methods for mutual authentication of network |
US7958546B2 (en) * | 2004-06-29 | 2011-06-07 | International Business Machines Corporation | Identity access management system |
US7305592B2 (en) | 2004-06-30 | 2007-12-04 | Intel Corporation | Support for nested fault in a virtual machine environment |
US7840962B2 (en) | 2004-09-30 | 2010-11-23 | Intel Corporation | System and method for controlling switching between VMM and VM using enabling value of VMM timer indicator and VMM timer value having a specified time |
US8347078B2 (en) | 2004-10-18 | 2013-01-01 | Microsoft Corporation | Device certificate individualization |
US8146078B2 (en) | 2004-10-29 | 2012-03-27 | Intel Corporation | Timer offsetting mechanism in a virtual machine environment |
US20060095454A1 (en) * | 2004-10-29 | 2006-05-04 | Texas Instruments Incorporated | System and method for secure collaborative terminal identity authentication between a wireless communication device and a wireless operator |
US8336085B2 (en) | 2004-11-15 | 2012-12-18 | Microsoft Corporation | Tuning product policy using observed evidence of customer behavior |
US8464348B2 (en) * | 2004-11-15 | 2013-06-11 | Microsoft Corporation | Isolated computing environment anchored into CPU and motherboard |
US8176564B2 (en) | 2004-11-15 | 2012-05-08 | Microsoft Corporation | Special PC mode entered upon detection of undesired state |
US8281132B2 (en) * | 2004-11-29 | 2012-10-02 | Broadcom Corporation | Method and apparatus for security over multiple interfaces |
US8924728B2 (en) | 2004-11-30 | 2014-12-30 | Intel Corporation | Apparatus and method for establishing a secure session with a device without exposing privacy-sensitive information |
US7895617B2 (en) | 2004-12-15 | 2011-02-22 | Sony Corporation | Content substitution editor |
US8041190B2 (en) | 2004-12-15 | 2011-10-18 | Sony Corporation | System and method for the creation, synchronization and delivery of alternate content |
US7475247B2 (en) * | 2004-12-16 | 2009-01-06 | International Business Machines Corporation | Method for using a portable computing device as a smart key device |
US7386736B2 (en) * | 2004-12-16 | 2008-06-10 | International Business Machines Corporation | Method and system for using a compact disk as a smart key device |
US8051052B2 (en) | 2004-12-21 | 2011-11-01 | Sandisk Technologies Inc. | Method for creating control structure for versatile content control |
US20060242067A1 (en) * | 2004-12-21 | 2006-10-26 | Fabrice Jogand-Coulomb | System for creating control structure for versatile content control |
US20060242066A1 (en) * | 2004-12-21 | 2006-10-26 | Fabrice Jogand-Coulomb | Versatile content control with partitioning |
US20060242150A1 (en) * | 2004-12-21 | 2006-10-26 | Fabrice Jogand-Coulomb | Method using control structure for versatile content control |
US8504849B2 (en) | 2004-12-21 | 2013-08-06 | Sandisk Technologies Inc. | Method for versatile content control |
US20060242151A1 (en) * | 2004-12-21 | 2006-10-26 | Fabrice Jogand-Coulomb | Control structure for versatile content control |
US8601283B2 (en) | 2004-12-21 | 2013-12-03 | Sandisk Technologies Inc. | Method for versatile content control with partitioning |
JP4603350B2 (en) * | 2004-12-24 | 2010-12-22 | 富士通株式会社 | Personal authentication device |
US8533777B2 (en) * | 2004-12-29 | 2013-09-10 | Intel Corporation | Mechanism to determine trust of out-of-band management agents |
KR20060081337A (en) * | 2005-01-07 | 2006-07-12 | 엘지전자 주식회사 | Encryption and decryption method using a secret key |
US8181266B2 (en) * | 2005-01-13 | 2012-05-15 | Samsung Electronics Co., Ltd. | Method for moving a rights object between devices and a method and device for using a content object based on the moving method and device |
US7770205B2 (en) * | 2005-01-19 | 2010-08-03 | Microsoft Corporation | Binding a device to a computer |
US7395405B2 (en) | 2005-01-28 | 2008-07-01 | Intel Corporation | Method and apparatus for supporting address translation in a virtual machine environment |
US7890428B2 (en) * | 2005-02-04 | 2011-02-15 | Microsoft Corporation | Flexible licensing architecture for licensing digital application |
US7549051B2 (en) * | 2005-03-10 | 2009-06-16 | Microsoft Corporation | Long-life digital certification for publishing long-life digital content or the like in content rights management system or the like |
US8539587B2 (en) | 2005-03-22 | 2013-09-17 | Hewlett-Packard Development Company, L.P. | Methods, devices and data structures for trusted data |
US8438645B2 (en) | 2005-04-27 | 2013-05-07 | Microsoft Corporation | Secure clock with grace periods |
US7856404B2 (en) * | 2005-04-14 | 2010-12-21 | Microsoft Corporation | Playlist burning in rights-management context |
US8738536B2 (en) * | 2005-04-14 | 2014-05-27 | Microsoft Corporation | Licensing content for use on portable device |
US8725646B2 (en) | 2005-04-15 | 2014-05-13 | Microsoft Corporation | Output protection levels |
US9363481B2 (en) | 2005-04-22 | 2016-06-07 | Microsoft Technology Licensing, Llc | Protected media pipeline |
US7693280B2 (en) | 2005-04-22 | 2010-04-06 | Microsoft Corporation | Rights management system for streamed multimedia content |
US8290874B2 (en) | 2005-04-22 | 2012-10-16 | Microsoft Corporation | Rights management system for streamed multimedia content |
US9507919B2 (en) | 2005-04-22 | 2016-11-29 | Microsoft Technology Licensing, Llc | Rights management system for streamed multimedia content |
US9436804B2 (en) | 2005-04-22 | 2016-09-06 | Microsoft Technology Licensing, Llc | Establishing a unique session key using a hardware functionality scan |
US8091142B2 (en) | 2005-04-26 | 2012-01-03 | Microsoft Corporation | Supplementary trust model for software licensing/commercial digital distribution policy |
US8375369B2 (en) * | 2005-04-26 | 2013-02-12 | Apple Inc. | Run-time code injection to perform checks |
US20060265758A1 (en) | 2005-05-20 | 2006-11-23 | Microsoft Corporation | Extensible media rights |
US20060272031A1 (en) * | 2005-05-24 | 2006-11-30 | Napster Llc | System and method for unlimited licensing to a fixed number of devices |
US7684566B2 (en) | 2005-05-27 | 2010-03-23 | Microsoft Corporation | Encryption scheme for streamed multimedia content protected by rights management system |
US8353046B2 (en) | 2005-06-08 | 2013-01-08 | Microsoft Corporation | System and method for delivery of a modular operating system |
US7748031B2 (en) | 2005-07-08 | 2010-06-29 | Sandisk Corporation | Mass storage device with automated credentials loading |
US8321690B2 (en) | 2005-08-11 | 2012-11-27 | Microsoft Corporation | Protecting digital media of various content types |
US20070061893A1 (en) * | 2005-09-09 | 2007-03-15 | Black Jeffery D | Methods and devices for copy protection of software |
US7809957B2 (en) | 2005-09-29 | 2010-10-05 | Intel Corporation | Trusted platform module for generating sealed data |
US8407146B2 (en) * | 2005-10-28 | 2013-03-26 | Microsoft Corporation | Secure storage |
US7921303B2 (en) | 2005-11-18 | 2011-04-05 | Qualcomm Incorporated | Mobile security system and method |
US7929703B2 (en) * | 2005-12-28 | 2011-04-19 | Alcatel-Lucent Usa Inc. | Methods and system for managing security keys within a wireless network |
US20100215179A1 (en) * | 2006-01-31 | 2010-08-26 | Texas Instruments Incorporated | Security Key Method In Semiconductor Manufacturing |
US8185921B2 (en) | 2006-02-28 | 2012-05-22 | Sony Corporation | Parental control of displayed content using closed captioning |
US7555464B2 (en) | 2006-03-01 | 2009-06-30 | Sony Corporation | Multiple DRM management |
US8014530B2 (en) | 2006-03-22 | 2011-09-06 | Intel Corporation | Method and apparatus for authenticated, recoverable key distribution with no database secrets |
JP2007288254A (en) * | 2006-04-12 | 2007-11-01 | Sony Corp | Communication system, communication apparatus and method, and program |
US20070244824A1 (en) * | 2006-04-13 | 2007-10-18 | Bowe Bell + Howell Company | Web-based method for accessing licensed products and features |
US20070266443A1 (en) * | 2006-05-12 | 2007-11-15 | Hitachi Global Storage Technologies Netherlands B.V. | Certified HDD with network validation |
KR101055712B1 (en) * | 2006-06-30 | 2011-08-11 | 인터내셔널 비지네스 머신즈 코포레이션 | Message handling on mobile devices |
US20080010449A1 (en) * | 2006-07-07 | 2008-01-10 | Michael Holtzman | Content Control System Using Certificate Chains |
US20080010452A1 (en) * | 2006-07-07 | 2008-01-10 | Michael Holtzman | Content Control System Using Certificate Revocation Lists |
US8613103B2 (en) | 2006-07-07 | 2013-12-17 | Sandisk Technologies Inc. | Content control method using versatile control structure |
US8639939B2 (en) | 2006-07-07 | 2014-01-28 | Sandisk Technologies Inc. | Control method using identity objects |
US20080010458A1 (en) * | 2006-07-07 | 2008-01-10 | Michael Holtzman | Control System Using Identity Objects |
CN101490688A (en) * | 2006-07-07 | 2009-07-22 | 桑迪士克股份有限公司 | Content control system and method using certificate revocation lists |
US20080022395A1 (en) * | 2006-07-07 | 2008-01-24 | Michael Holtzman | System for Controlling Information Supplied From Memory Device |
US8245031B2 (en) | 2006-07-07 | 2012-08-14 | Sandisk Technologies Inc. | Content control method using certificate revocation lists |
KR20090052321A (en) * | 2006-07-07 | 2009-05-25 | 쌘디스크 코포레이션 | Content control system and method using versatile control structure |
US8140843B2 (en) | 2006-07-07 | 2012-03-20 | Sandisk Technologies Inc. | Content control method using certificate chains |
US8266711B2 (en) | 2006-07-07 | 2012-09-11 | Sandisk Technologies Inc. | Method for controlling information supplied from memory device |
US20080034440A1 (en) * | 2006-07-07 | 2008-02-07 | Michael Holtzman | Content Control System Using Versatile Control Structure |
WO2008008243A2 (en) * | 2006-07-07 | 2008-01-17 | Sandisk Corporation | Control system and method using identity objects |
WO2008007995A1 (en) * | 2006-07-12 | 2008-01-17 | Sergei Vladimirovich Migalev | Software and hardware system |
US8015409B2 (en) * | 2006-09-29 | 2011-09-06 | Rockwell Automation Technologies, Inc. | Authentication for licensing in an embedded system |
US20080114689A1 (en) * | 2006-11-03 | 2008-05-15 | Kevin Psynik | Patient information management method |
US7613915B2 (en) * | 2006-11-09 | 2009-11-03 | BroadOn Communications Corp | Method for programming on-chip non-volatile memory in a secure processor, and a device so programmed |
DE102006057197B4 (en) * | 2006-12-05 | 2008-11-20 | Dräger Medical AG & Co. KG | Licensing system and method for transferring license information |
US7971056B2 (en) * | 2006-12-18 | 2011-06-28 | Microsoft Corporation | Direct memory access for compliance checking |
EP1936531A1 (en) | 2006-12-20 | 2008-06-25 | Thomson Licensing | Methods and device for secure software installation |
EP1939784A1 (en) * | 2006-12-20 | 2008-07-02 | THOMSON Licensing | Methods and a device for secure software installation |
US8087072B2 (en) * | 2007-01-18 | 2011-12-27 | Microsoft Corporation | Provisioning of digital identity representations |
US8689296B2 (en) | 2007-01-26 | 2014-04-01 | Microsoft Corporation | Remote access of digital identities |
EP1990971A3 (en) * | 2007-05-11 | 2009-01-21 | Thomson Licensing | Protecting live content in a network |
WO2008143550A2 (en) * | 2007-05-18 | 2008-11-27 | Grigoriy Rafailovich Lifshic | Trading machine |
MX2009014173A (en) | 2007-07-05 | 2010-03-04 | Fraunhofer Ges Forschung | Device and method for digital rights management. |
US8452967B2 (en) * | 2007-08-31 | 2013-05-28 | Microsoft Corporation | Using flash storage device to prevent unauthorized use of software |
US20090092248A1 (en) * | 2007-10-04 | 2009-04-09 | Advanced Micro Devices, Inc. | Encryption-based authentication for binding modules |
US8156550B2 (en) * | 2008-06-20 | 2012-04-10 | Microsoft Corporation | Establishing secure data transmission using unsecured E-mail |
US9104618B2 (en) | 2008-12-18 | 2015-08-11 | Sandisk Technologies Inc. | Managing access to an address range in a storage device |
US8156540B2 (en) * | 2009-01-28 | 2012-04-10 | Dell Products, Lp | System and method for managing feature enablement in an information handling system |
US20100284539A1 (en) * | 2009-03-09 | 2010-11-11 | The Regents Of The University Of Michigan | Methods for Protecting Against Piracy of Integrated Circuits |
EP3518128B1 (en) * | 2011-03-30 | 2021-04-28 | Irdeto B.V. | Enabling a software application to be executed on a hardware device |
US9270657B2 (en) * | 2011-12-22 | 2016-02-23 | Intel Corporation | Activation and monetization of features built into storage subsystems using a trusted connect service back end infrastructure |
US10728231B2 (en) * | 2012-07-09 | 2020-07-28 | Massachusetts Institute Of Technology | Data security using inter-zone gate circuits |
US9633330B1 (en) | 2014-04-04 | 2017-04-25 | Seagate Technoglogy LLC | Late stage SKU assignment |
US9584498B1 (en) | 2014-04-04 | 2017-02-28 | Seagate Technology Llc | Feature activation using near field communication |
US9535676B1 (en) | 2014-04-04 | 2017-01-03 | Seagate Technology Llc | Remote feature activation |
US9838250B1 (en) | 2014-04-04 | 2017-12-05 | Seagate Technology Llc | Recipient-specific feature activation |
US9998914B2 (en) | 2014-04-16 | 2018-06-12 | Jamf Software, Llc | Using a mobile device to restrict focus and perform operations at another mobile device |
WO2016012940A1 (en) * | 2014-07-21 | 2016-01-28 | Altech Multimedia (Pty) Limited | Streaming a linear broadcast to a tablet-like device |
US9647897B2 (en) | 2014-08-20 | 2017-05-09 | Jamf Software, Llc | Dynamic grouping of managed devices |
US10868672B1 (en) | 2015-06-05 | 2020-12-15 | Apple Inc. | Establishing and verifying identity using biometrics while protecting user privacy |
US11140171B1 (en) | 2015-06-05 | 2021-10-05 | Apple Inc. | Establishing and verifying identity using action sequences while protecting user privacy |
US11392716B2 (en) | 2017-05-12 | 2022-07-19 | Jamf Software, Llc | Mobile device management at a healthcare facility |
US10678950B2 (en) | 2018-01-26 | 2020-06-09 | Rockwell Automation Technologies, Inc. | Authenticated backplane access |
US10833849B2 (en) | 2018-03-21 | 2020-11-10 | Clover Network, Inc. | Unified secure device provisioning |
US10726681B1 (en) | 2019-07-26 | 2020-07-28 | Clover Network, Inc. | Advanced hardware system for self service checkout kiosk |
US11477012B2 (en) | 2019-09-24 | 2022-10-18 | Rockwell Automation Technologies, Inc. | Cryptographic feature licensing |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH02112082A (en) * | 1988-10-21 | 1990-04-24 | Matsushita Electric Ind Co Ltd | Microprocessor and ic card to use same |
JPH04100148A (en) * | 1989-10-02 | 1992-04-02 | Sun Microsyst Inc | Method of preventing malfeasant usage of software in computer network system |
JPH06103058A (en) * | 1992-05-15 | 1994-04-15 | Addison M Fischer | Data structure for program authorization information |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR2536880B1 (en) * | 1982-11-30 | 1987-05-07 | Bull Sa | MICROPROCESSOR DESIGNED IN PARTICULAR FOR EXECUTING THE CALCULATION ALGORITHMS OF A PUBLIC KEY ENCRYPTION SYSTEM |
US4658093A (en) * | 1983-07-11 | 1987-04-14 | Hellman Martin E | Software distribution system |
WO1993011480A1 (en) * | 1991-11-27 | 1993-06-10 | Intergraph Corporation | System and method for network license administration |
1994
- 1994-09-07: US application US08/303,084, published as US5473692A, not active (Expired - Lifetime)
1995
- 1995-06-07: US application US08/472,951, published as US5568552A, not active (Expired - Lifetime)
- 1995-09-01: EP application EP95933027A, published as EP0780039A4, not active (Ceased)
- 1995-09-01: AU application AU35832/95A, published as AU3583295A, not active (Abandoned)
- 1995-09-01: RU application RU97105403A, published as RU2147790C1, not active (IP Right Cessation)
- 1995-09-01: JP application JP50959896A, published as JP4294728B2, not active (Expired - Fee Related)
- 1995-09-01: WO application PCT/US1995/011136, published as WO1996008092A1, active (Search and Examination)
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2002527781A (en) * | 1998-10-06 | 2002-08-27 | コーニンクレッカ フィリップス エレクトロニクス エヌ ヴィ | Method and system for certificate management of consumer electronic devices |
JP2011193477A (en) * | 1998-10-30 | 2011-09-29 | Virnet X Inc | Agile network protocol for secure communication with assured system availability |
JP2003500923A (en) * | 1999-05-21 | 2003-01-07 | インターナショナル・ビジネス・マシーンズ・コーポレーション | Method, computer program and device for initializing secure communication and exclusively pairing devices |
US6886095B1 (en) | 1999-05-21 | 2005-04-26 | International Business Machines Corporation | Method and apparatus for efficiently initializing secure communications among wireless devices |
JP2005535040A (en) * | 2002-08-06 | 2005-11-17 | プリヴァリス・インコーポレーテッド | Method for secure registration and backup of personal identification to an electronic device |
Also Published As
Publication number | Publication date |
---|---|
EP0780039A4 (en) | 2002-05-02 |
US5473692A (en) | 1995-12-05 |
AU3583295A (en) | 1996-03-27 |
RU2147790C1 (en) | 2000-04-20 |
US5568552A (en) | 1996-10-22 |
JP4294728B2 (en) | 2009-07-15 |
EP0780039A1 (en) | 1997-06-25 |
WO1996008092A1 (en) | 1996-03-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JPH10507324A (en) | | Loving software license for hardware agents |
US6058478A (en) | | Apparatus and method for a vetted field upgrade |
JP4638990B2 (en) | | Secure distribution and protection of cryptographic key information |
US7899187B2 (en) | | Domain-based digital-rights management system with easy and secure device enrollment |
CN108513704B (en) | | Remote distribution method and system of terminal master key |
US7697691B2 (en) | | Method of delivering Direct Proof private keys to devices using an on-line service |
JP4746233B2 (en) | | Trusted computing platforms that limit the use of data |
JP4240297B2 (en) | | Terminal device, authentication terminal program, device authentication server, device authentication program |
US7877604B2 (en) | | Proof of execution using random function |
US20040088541A1 (en) | | Digital-rights management system |
JP2009529832A (en) | | Undiscoverable, ie secure data communication using black data |
JP2005080315A (en) | | System and method for providing service |
JP2002503354A (en) | | How to manage access to devices |
JP2004013438A (en) | | Electronic value data communication method, communication system, ic card, and portable terminal |
JPH09200194A (en) | | Device and method for security communication |
JPH09261217A (en) | | Communication equipment and its method |
KR100239865B1 (en) | | Apparatus and method for providing secured communications |
JP2005020580A (en) | | Network system |
JP2002135239A (en) | | Encryption data distribution service system |
JP2008306685A (en) | | Security information setting system, master terminal thereof, general terminal, and program |
TW200830833A (en) | | Network data security system and protection method therefore |
JP2002374237A (en) | | Information providing method |
JPH10327144A (en) | | Method for authenticating agency and system therefor |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| A131 | Notification of reasons for refusal | Free format text: JAPANESE INTERMEDIATE CODE: A131 Effective date: 20050531 |
| A521 | Request for written amendment filed | Free format text: JAPANESE INTERMEDIATE CODE: A523 Effective date: 20050829 |
| A02 | Decision of refusal | Free format text: JAPANESE INTERMEDIATE CODE: A02 Effective date: 20060207 |
| A521 | Request for written amendment filed | Free format text: JAPANESE INTERMEDIATE CODE: A523 Effective date: 20060426 |
| A911 | Transfer to examiner for re-examination before appeal (zenchi) | Free format text: JAPANESE INTERMEDIATE CODE: A911 Effective date: 20060713 |
| A912 | Re-examination (zenchi) completed and case transferred to appeal board | Free format text: JAPANESE INTERMEDIATE CODE: A912 Effective date: 20060817 |
| A521 | Request for written amendment filed | Free format text: JAPANESE INTERMEDIATE CODE: A523 Effective date: 20081222 |
| A01 | Written decision to grant a patent or to grant a registration (utility model) | Free format text: JAPANESE INTERMEDIATE CODE: A01 |
| A61 | First payment of annual fees (during grant procedure) | Free format text: JAPANESE INTERMEDIATE CODE: A61 Effective date: 20090409 |
| FPAY | Renewal fee payment (event date is renewal date of database) | Free format text: PAYMENT UNTIL: 20120417 Year of fee payment: 3 |
| R150 | Certificate of patent or registration of utility model | Free format text: JAPANESE INTERMEDIATE CODE: R150 |
| FPAY | Renewal fee payment (event date is renewal date of database) | Free format text: PAYMENT UNTIL: 20120417 Year of fee payment: 3 |
| FPAY | Renewal fee payment (event date is renewal date of database) | Free format text: PAYMENT UNTIL: 20130417 Year of fee payment: 4 |
| FPAY | Renewal fee payment (event date is renewal date of database) | Free format text: PAYMENT UNTIL: 20130417 Year of fee payment: 4 |
| FPAY | Renewal fee payment (event date is renewal date of database) | Free format text: PAYMENT UNTIL: 20140417 Year of fee payment: 5 |
| R250 | Receipt of annual fees | Free format text: JAPANESE INTERMEDIATE CODE: R250 |
| LAPS | Cancellation because of no payment of annual fees | |